Crims poison 150K+ npm packages with token-farming malware | Amazon spilled the TEA | Cyber-crime | 14 Nov 2025 | 1
Invisible npm malware pulls a disappearing act – then nicks your tokens | PhantomRaven slipped over a hundred credential-stealing packages into npm | Security | 30 Oct 2025 | 18
China moves to extend control over tech industry's critical rare earths | New laws restrict goods that are manufactured outside of China | Systems | 09 Oct 2025 | 9
New string of phishing attacks targets Python developers | If you recently got an email asking you to verify your credentials to a PyPI site, better change that password | Cyber-crime | 24 Sep 2025 | 3
More packages poisoned in npm attack, but would-be crypto thieves left pocket change | Miscreants cost victims time rather than money | Cyber-crime | 09 Sep 2025 | 8
Dev snared in crypto phishing net, 18 npm packages compromised | Popular npm packages debug, chalk, and others hijacked in massive supply chain attack | Security | 08 Sep 2025 | 8
Stolen OAuth tokens expose Palo Alto customer data | Security firm's Salesforce instance accessed using credentials stolen from Salesloft's Drift platform breach | Cyber-crime | 02 Sep 2025 | 3
Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk | Major flaws uncovered in Copeland controllers: Patch now | Patches | 02 Sep 2025 | 47
Nx NPM packages poisoned in AI-assisted supply chain attack | Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon | Devops | 27 Aug 2025 | 2
Microsoft's Nuance coughs up $8.5M to rid itself of MOVEit breach suit | Supply chain breach has been a major target of legal action | Cyber-crime | 18 Aug 2025 | 6
Weapons jam: Pentagon sucks at removing foreign objects from its gear, auditors say | Component origin isn't tracked, says GAO, meaning the circuits in equipment could be from anywhere | Public Sector | 24 Jul 2025 | 20
Stalkerware firm gets scooped by SQL-slinging security snoop | Infosec In Brief | Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more | Security | 06 Jul 2025 | 1
Glasgow City Council online services crippled following cyberattack | Nothing confirmed but authority is operating under the assumption that data has been stolen | Cyber-crime | 26 Jun 2025 | 14
Supply chain attacks surge with orgs 'flying blind' about dependencies | Who is the third party that does the thing in our thing? Yep. Attacks explode over past year | CSO | 25 Jun 2025 | 4
Let them eat junk food: Major organic supplier to Whole Foods, Walmart, hit by cyberattack | United Natural Foods shut down some of its systems on June 5 after spotting network intruders | Cyber-crime | 09 Jun 2025 | 5
DragonForce double-whammy: First hit an MSP, then use RMM software to push ransomware | Updated | SimpleHelp was the vector for the attack | Security | 28 May 2025
Ransomware attack on food distributor spells more pain for UK supermarkets | Peter Green Chilled supplies all the major UK chains | Cyber-crime | 20 May 2025 | 64
Microsoft tries to knife passwords once and for all – at least for consumers | Infosec In Brief | PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! | Security | 04 May 2025 | 82
LLMs can't stop making up software dependencies and sabotaging everything | Hallucinated package names fuel 'slopsquatting' | AI Software Development Week | 12 Apr 2025 | 98
US sensor giant Sensata admits ransomware derailed ops | Props for the transparency though | Cyber-crime | 10 Apr 2025 | 4
Trump tariffs to make prices great – a gain | World War Fee | As costs for US shoppers set to rise, markets slump, orange is new red, we speak to economic experts | Public Sector | 07 Apr 2025 | 78
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token | But this mystery isn't over yet, Unit 42 opines | Devops | 07 Apr 2025 | 7
As nation-state hacking becomes 'more in your face,' are supply chains secure? | Interview | Ex-US Air Force officer says companies shouldn't wait for govt mandates | CSO | 24 Mar 2025 | 10
Too many software supply chain defense bibles? Boffins distill advice | How to avoid another SolarWinds, Log4j, and XZ Utils situation | Security | 20 Mar 2025 | 10
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos | Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal | Research | 18 Mar 2025 | 4
GitHub supply chain attack spills secrets from 23,000 projects | Large organizations among those cleaning up the mess | Cyber-crime | 17 Mar 2025 | 34
Poisoned Go programming language package lay undetected for 3 years | Updated | Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks | Security | 04 Feb 2025 | 9
North Koreans clone open source projects to plant backdoors, steal credentials | Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? | Devops | 29 Jan 2025 | 2
Supply chain attack hits Chrome extensions, could expose millions | Threat actor exploited phishing and OAuth abuse to inject malicious code | Cyber-crime | 22 Jan 2025 | 6
GM parks claims that driver location data was given to insurers, pushing up premiums | We'll defo ask for permission next time, automaker tells FTC | Personal Tech | 17 Jan 2025 | 40
Solana blockchain's popular web3.js npm package backdoored to steal keys, funds | Damage likely limited to those running bots with private PKI access | Cyber-crime | 05 Dec 2024 | 7
Supply chain management vendor Blue Yonder succumbs to ransomware | And it looks like major UK retailers that rely on it are feeling the pinch | Cyber-crime | 26 Nov 2024 | 9
Cyberattackers stole Microlise staff data following DHL, Serco disruption | Experts say incident has 'all the hallmarks of ransomware' | Cyber-crime | 06 Nov 2024 | 5
Socket plugs in $40M to strengthen software supply chain | Biz aims to scrub unnecessary dependencies from npm packages in the name of security | Applications | 22 Oct 2024
Global semiconductor sales up 20.6% to record $53.1B as trade wars rage on | Chip boom continues as demand surges, but challenges remain | Systems | 07 Oct 2024 | 1
Get ready: US port strike may snarl tech supply chains | Updated | Time to see if industry learned anything from the last shortage crisis | On-Prem | 03 Oct 2024 | 20
Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war | Updated | Second wave of exploding gear kills at least 14 today | Security | 18 Sep 2024 | 185
Predator spyware updated with dangerous new features, also now harder to track | Infosec in brief | Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more | Security | 09 Sep 2024 | 10
Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed | Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info | Public Sector | 05 Sep 2024 | 5
HP Inc loves China – but wants to reduce the risks it presents | Amid reports that plenty of PC production will shift elsewhere, supply chain boss emphasizes agility | Personal Tech | 09 Aug 2024 | 9
Polyfill.io claims reveal new cracks in supply chain, but how deep do they go? | Opinion | There will always be bad actors in the system. We can always learn from the drama they create | Security | 01 Jul 2024 | 19
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately | Scripts turn sus after mysterious CDN swallows domain | CSO | 25 Jun 2024 | 61
Preventing another chip shortage on G7 summit agenda | Group will also look into protecting subsea communications infrastructure | Public Sector | 13 Jun 2024 | 1
Euro banks worry AI will increase their dependence on US big tech | Putting such a dominant power in the middle of your supply chain a risky move... | AI + ML | 10 Jun 2024 | 11
It may take decade to shore up software supply chain security, says infosec CEO | Interview | Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar | CSO | 03 May 2024 | 27
Japan to draw up routes for roads dedicated to robot trucks | Digital reform conference sees PM repeat calls to get online government services right at last | Public Sector | 23 Apr 2024 | 9
What can be done to protect open source devs from next xz backdoor drama? | Kettle | What happened, how it was found, and what your vultures have made of it all | Research | 06 Apr 2024 | 93
Taiwan quake to hit chipmakers' capex, not chip supply | Some equipment suffered minor damage, but the silicon show must go on | Off-Prem | 05 Apr 2024 | 1
Malicious xz backdoor reveals fragility of open source | Analysis | This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy | Devops | 01 Apr 2024 | 98
AI hallucinates software packages and devs download them – even if potentially poisoned with malware | In-depth | Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that | Security | 28 Mar 2024 | 84
Alibaba bins listing for its Cainiao logistics limb | Already backed away from cloud spinout, now gradually breaking up with its own breakup plan | Off-Prem | 27 Mar 2024
Over 170K users caught up in poisoned Python package ruse | Supply chain attack targeted GitHub community of Top.gg Discord server | Cyber-crime | 25 Mar 2024 | 44
In the rush to build AI apps, please, please don't leave security behind | Feature | Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more | AI + ML | 17 Mar 2024 | 20
GitHub struggles to keep up with automated malicious forks | Cloned then compromised, bad repos are forked faster than they can be removed | Security | 01 Mar 2024 | 26
The latest cold war is already being fought in the supply chain trenches | AI and the chips that power it are at the center of the equation | Systems | 30 Jan 2024 | 2
Logitech warns of logistical impact of Houthi attacks in Red Sea | Longer lead times, extra costs and more freight coming via air | Personal Tech | 24 Jan 2024 | 13
Exposed Hugging Face API tokens offered full access to Meta's Llama 2 | Updated | With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML | Research | 04 Dec 2023 | 6
Industry piles in on North Korea for sustained rampage on software supply chains | Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs | Security | 23 Nov 2023 | 18
Cisco has a new problem: You take too long to implement its products and stop buying more kit | Supply chain is back to pre-COVID normal, just in time for big clouds to spend $1 billion on networks for AI | Networks | 16 Nov 2023 | 8
SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack | Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors | Security | 31 Oct 2023 | 9
MOVEit breach delivers bundle of 3.4 million baby records | Progress Software vulnerability ID'd in enormous burglary at Ontario's BORN | Cyber-crime | 26 Sep 2023 | 7
Sneaky Python package security fixes help no one – except miscreants | Good thing these eggheads have created a database of patches | Patches | 26 Jul 2023 | 8