software supply chain

BigTech Companies

Urgent: Notepad++ Users, Check for Hacks Now

Notepad++'s update infrastructure was compromised for six months by sophisticated hackers linked to the Chinese state, who delivered malicious updates…

Artificial Intelligence

Linux’s 2026 Dominance: The One Open-Source Giant at Risk

The Linux desktop is seeing unprecedented growth as user dissatisfaction with Windows drives adoption, though fragmentation among distributions remains a…

Business

Black Kite Unveils Software Supply Chain Vulnerabilities at Product Level

Black Kite's new Product Analysis module enables security teams to assess software supply chain vulnerabilities at the individual product level,…

Business

NPM Malware Attack Exposed 400,000 Developer Secrets

A malware campaign called Shai-Hulud compromised hundreds of NPM packages, exposing roughly 400,000 raw secrets from thousands of GitHub repositories,…

Business

New npm Worm Threatens Software Supply Chain

A sophisticated worm called Shai-Hulud is actively stealing developer credentials and spreading across hundreds of npm packages, impacting millions of…

Business

Malicious ‘IndonesianFoods’ Worm Floods npm With 100K Packages

A self-propagating npm package called 'IndonesianFoods' has flooded the registry with over 100,000 junk packages, using random Indonesian names and…

Artificial Intelligence

Cisco UCCX Flaws Fixed, November 2025 Patch Tuesday Outlook

Cisco has released critical patches for UCCX vulnerabilities (CVE-2025-20358 and CVE-2025-20354) that could allow attackers to bypass authentication and gain…

Artificial Intelligence

Heisenberg: Secure Your Open-Source Software Supply Chain

Heisenberg transforms static Software Bills of Materials (SBOMs) into dynamic defense tools by evaluating dependency health using data from deps.dev,…

Business

Dependency-Track: Open-Source Software Supply Chain Security

Dependency-Track is an open-source platform that provides continuous, real-time monitoring of software supply chain risks by analyzing Software Bills of…

Business

US Data at Risk as Key Cyber Law Expires

The Cybersecurity Information Sharing Act (CISA 2015) has expired, removing legal immunity for companies that share cyber threat intelligence and…

BigTech Companies

GitHub Tightens npm Security After Shai-Hulud Attack

The npm registry faces increasing threats from attacks like phishing campaigns and the self-propagating "Shai-Hulud" worm, leading GitHub to implement…

BigTech Companies

A Dangerous Worm Is Infecting Software Packages

A self-replicating worm named Shai-Hulud has infected hundreds of open-source JavaScript packages on NPM, actively seeking credentials to spread further…

Business

Self-Replicating Worm Infects 180+ npm Packages in Automated Attack

A self-replicating worm named "Shai-hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to…

Business

HCL AppScan 360º 2.0: Secure Your Software Supply Chain

Businesses face challenges in securing software supply chains due to open-source adoption and strict data regulations, which HCL AppScan 360º…

Business

US and Allies Issue New Software Supply Chain Security Guidelines

An international coalition of 21 government agencies has released new guidelines to promote Software Bills of Materials (SBOMs) for enhancing…

Business

CISA Unveils New Tool to Secure Software Procurement

The US Cybersecurity and Infrastructure Security Agency has launched a free interactive web tool to help organizations evaluate software assurance…

Cybersecurity

npm mistakenly deletes Stylus package, disrupting builds

The popular Stylus CSS preprocessor was accidentally removed from the npm registry due to a false security flag, disrupting global…

Cybersecurity

Global Software Supply Chains Lack Critical Visibility

Only 23% of organizations have strong software supply chain visibility, leaving most vulnerable to cybersecurity risks and disruptions. 80% of…

BigTech Companies

Red Hat Launches Enterprise Linux for Business Developers

Red Hat launched a specialized enterprise Linux platform for business developers, offering free access to robust development tools while ensuring…

Cybersecurity

Banana Squad’s GitHub Malware Attack Targets Developers

Cybersecurity experts discovered a malware campaign by Banana Squad targeting developers via 67 fake GitHub repositories, distributing trojanized Python files…
