#supply chain attacks

[ follow ]
#supply-chain-attacks #cybersecurity #ai-security #secret-leakage #open-source #malware #software-development
fromwww.theguardian.com
2 hours ago

State-sponsored hackers targeting defence sector employees, Google says

The report catalogues a relentless barrage of cyber operations, most by state-sponsored groups, against EU and US industrial supply chains. It suggests the range of targets for these hackers has grown to encompass the broader industrial base of the US and Europe from German aerospace firms to UK carmakers. State-linked hackers have long targeted the global defence industry, but Luke McNamara, an analyst for Google's threat intelligence group, said they had seen more personalised and direct to individual targeting of employees.
Information security
#ai-security
more#ai-security
Miscellaneous
fromwww.theguardian.com
1 month ago

This is business as usual': boss of bombed Ukrainian vodka maker seeks to expand exports

Ukrainian businesses, exemplified by Nemiroff vodka, sustain and expand exports despite war-related attacks, driving sales growth in Western markets.
React
fromblog.logrocket.com
1 month ago

How to build agentic AI when your data can't leave the network - LogRocket Blog

AI advancements, supply chain attacks, and framework breakthroughs reshaped frontend development in 2025 alongside practical guidance for React Native styling, UI libraries, and TypeScript typing.
Information security
fromComputerWeekly.com
2 months ago

What lies in store for the security world in 2026? | Computer Weekly

Budget cuts and reduced cybersecurity staffing have degraded defenses, causing longer dwell times, slower detection, and greater exposure to supply‑chain and zero‑day attacks in 2026.
fromThe Hacker News
2 months ago

Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Fortinet has warned that a new security flaw in FortiWeb has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. It has been addressed in version 8.0.2. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands," the company said.
Information security
Information security
fromIT Pro
3 months ago

Ransomware attacks are hitting European enterprises at record pace

Europe faces record ransomware and state-sponsored cyberattacks, with faster deployments and broad targeting across industries including healthcare, defense, and critical infrastructure.
Information security
fromThe Hacker News
3 months ago

Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months

China-linked Jewelbug conducted a five-month intrusion into a Russian IT service provider, accessing code repositories and exfiltrating data to Yandex Cloud.
Information security
fromTheregister
4 months ago

Socket will block it with free malicious package firewall

Socket released Socket Firewall Free, a free CLI that blocks malicious dependencies at install time across npm, yarn, pnpm, pip, uv, and cargo.
Node JS
fromSecurityWeek
4 months ago

GitHub Boosting Security in Response to NPM Supply Chain Attacks

GitHub will require two-factor authentication for local NPM publishing and deploy short-lived, granular tokens plus trusted publishing to mitigate NPM supply-chain attacks.
Information security
fromThe Hacker News
4 months ago

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Cursor's default-disabled Workspace Trust allows VS Code-style autorun tasks to execute on folder open, enabling arbitrary code execution and potential credential theft.
fromTheregister
5 months ago

Stolen OAuth tokens expose Palo Alto customer data

Marc Benoit, chief information security officer at PAN, confirmed in a note to clients - seen by The Register - that it was informed on August 25 that the "compromise of a third-party application, Salesloft's Drift, resulted in the access and exfiltration of data stored in our Salesforce environment." It immediately disconnected the third-party application from its Salesforce CRM, he said.
Information security
fromThe Hacker News
5 months ago

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts.
Python
#cybersecurity
fromSecuritymagazine
8 months ago
Information security

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

Retailers, even luxury brands, are increasingly targeted by cyberattacks, highlighting vulnerabilities in their security practices.
fromDatabreaches
8 months ago
Tech industry

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Chinese hackers disrupt Taiwan and South Korea's drone supply chain through targeted multi-wave attacks.
more#cybersecurity
Information security
fromIT Pro
7 months ago

Application security risk: How leaders can protect their businesses

Application security is increasingly challenging due to software complexity and pressure for rapid feature rollout.
[ Load more ]