#supply-chain-security

from InfoQ
1 day ago

Researcher Unearths Thousands of Leaked Secrets in GitHub's "Oops Commits"

GitHub public commits remain archived after force pushes, exposing thousands of secrets including high-value tokens and admin-level credentials.
from The Register
1 week ago

China steals too much US defense tech, says DCSA

The homeland is no longer secure,
Information security
#contact-form-phishing
from Security Magazine
1 week ago

1.1M Impacted by Farmers Insurance Data Breach, Security Leaders Discuss

Farmers Insurance suffered a third-party breach of ~1.1 million customers' PII—names, addresses, birthdates, driver’s license numbers, last four SSNs—possibly tied to Salesforce social engineering.
from InfoWorld
1 week ago

8 vendors bringing AI to devsecops and application security

AI is becoming foundational to software security, enabling automated vulnerability remediation, real-time secure coding, and supply-chain hardening while introducing governance and risk challenges.
from The Register
1 week ago

Trump pulls out 't-word' again over China rare earths ban

China's export controls on rare-earth minerals and processing equipment create strategic leverage over global tech and defense supply chains, prompting US tariff threats.
from DevOps.com
2 weeks ago

Tackling the DevSecOps Gap in Software Understanding - DevOps.com

Let's dig into what this really means, why it matters, and where we go from here. But then I thought a bit more. It's not just necessary; it's overdue. And not only for national security systems. This gap in software understanding exists across nearly every enterprise and agency in the public and private sector. The real challenge is not recognizing the problem. It's addressing it early, systemically and sustainably, especially in a DevSecOps context.
DevOps
Software development
from InfoQ
2 weeks ago

Supply Chain Security: Provenance Tools Becoming Standard in Developer Platforms

Software provenance is essential for securing supply chains and ensuring compliance with regulations like SLSA.
Health
from MedCity News
3 weeks ago

Trump's Push for U.S. Drug Manufacturing Expands to Pharma Ingredients With New Executive Order - MedCity News

The Trump administration's new executive order aims to stockpile active pharmaceutical ingredients (APIs) to enhance U.S. drug manufacturing security.
#python
Artificial intelligence
from Fortune
4 weeks ago

Former Intel board members: America's champion is likely to retreat, and we still need a leading-edge chip manufacturer

The U.S. must prioritize American-owned semiconductor manufacturing to secure its supply chains and technological supremacy in AI and critical technologies.
from HackerNoon
5 months ago

Reproducible Go Toolchains: What You Need to Know | HackerNoon

Reproducible builds in open-source software prevent supply chain attacks by enabling verification of binaries against trustworthy sources.
from The Hacker News
1 month ago

5 Ways Identity-based Attacks Are Breaching Retail

Adidas confirmed a data breach caused by an attack on a third-party customer service provider. The company said customer data was exposed, including names, email addresses, and order details.
Privacy professionals
from www.theguardian.com
2 months ago

Quad countries agree to diversify critical mineral supplies amid China concerns

The four countries said in a joint statement that they were establishing the Quad Critical Minerals Initiative, aimed at collaborating on securing and diversifying supply chains.
US politics
#cybersecurity
from HackerNoon
2 years ago
Privacy professionals

Decentralized Public-Key Infrastructure: The Future of Supply Chain Security | HackerNoon

Information security
from IT Pro
3 months ago

Two more NHS Trusts have been hit with cyber attacks - here's what we know so far

Cyber attacks on NHS trusts emphasize the urgent need for improved supply chain security practices.
Node JS
from IT Pro
2 months ago

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Over a dozen NPM packages have been compromised, delivering malware that allows attackers to control infected machines.
Growth hacking
from The Hacker News
3 months ago

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Malicious packages in multiple repositories have been discovered, posing significant security threats in open-source ecosystems.
from InfoWorld
1 year ago

GitHub Artifact Attestations sign and verify software artifacts

GitHub introduced Artifact Attestations for securing software supply chains in GitHub Actions.
from Ars Technica
4 months ago

AI-generated code could be a disaster for the software supply chain. Here's why.

LLM-generated code increases vulnerability to supply-chain attacks due to the inclusion of non-existent dependencies.