Topic: supply chain security

  • SpyCloud Exposes Vendor Identity Risk with New Supply Chain Protection

    SpyCloud's new platform addresses supply chain attacks by extending identity threat defense to third-party vendors, using actionable intelligence from the criminal underground to move beyond passive risk observation. The solution is critical as third-party involvement in data breaches has doubled...

  • Beware: VSCode Forks Risk "Recommended Extension" Attacks

    A security flaw in popular AI-assisted IDEs (like Cursor and Windsurf) stems from their inherited "recommended extension" lists pointing to Microsoft's marketplace, which they cannot access, leaving unclaimed namespaces vulnerable to malicious takeover on the OpenVSX registry they use instead. Th...

  • NCSC Playbook: Embedding Cyber Essentials in Supply Chains

    UK authorities are urging businesses to strengthen supply chain security by integrating the Cyber Essentials certification into procurement, supported by a new NCSC playbook and a Supplier Check tool for verification. The initiative addresses significant risk, as only 14% of firms fully understan...

  • Heisenberg: Secure Your Open-Source Software Supply Chain

    Heisenberg transforms static Software Bills of Materials (SBOMs) into dynamic defense tools by evaluating dependency health using data from deps.dev, SBOMs, and security advisories to provide risk assessments and reports. It proactively identifies suspicious packages by analyzing factors like age...

  • Australian Trio Unveils 360-Degree Security for Sensitive Logistics

    Three Australian firms—ORCA Opti, DNH Logistics, and Aurora Materials—have partnered to implement a zero-trust security model for sensitive logistics in defence and pharmaceuticals, addressing both digital and physical vulnerabilities. ORCA Opti provides automated cyber information storage for se...

  • Taiwan Faces Pressure to Shift Chip Production to US

    The US is urging Taiwan to relocate 50% of its advanced semiconductor manufacturing to American soil, framing it as a strategic necessity for Taiwan's security and a condition for continued US protection against China. This move aims to address the vulnerability of the global supply chain, as Tai...

  • NHS Demands Urgent Cybersecurity Upgrades in Open Letter

    The UK's NHS is adopting a more structured, mandatory strategy to strengthen cybersecurity across healthcare, moving beyond previous voluntary measures to directly engage technology suppliers. This initiative is a collaborative partnership focused on identifying supply chain risks and agreeing on...

  • Urgent: FortiWeb Flaw Exploited, Logitech Breach Exposed

    A critical vulnerability in FortiWeb (CVE-2025-58034) is being actively exploited due to a stealth patch that left many administrators unaware of the necessary update. Logitech confirmed a data breach affecting limited employee and customer details, while a widespread Cloudflare outage disrupted ...

  • Your Supply Chain Security Strategy's Biggest Blind Spot

    Fourth-party vulnerabilities are a growing blind spot in supply chain security, with third-party breaches surging from 15% to 30% this year, as organizations often overlook subcontractors. Fourth-party risks remain hidden until a breach occurs, as subcontractors handling sensitive data or critica...

  • US Cargo Firm Exposes Shipping Systems and Customer Data Online

    Security experts warn that cyberattacks on logistics firms are enabling large-scale cargo theft, creating a dangerous alliance between hackers and organized crime that threatens global supply chains. A researcher discovered severe vulnerabilities in Bluspark Global's shipping software, including ...

  • US and Allies Issue New Software Supply Chain Security Guidelines

    An international coalition of 21 government agencies has released new guidelines to promote Software Bills of Materials (SBOMs) for enhancing software supply chain security and transparency. The framework defines stakeholder responsibilities, advocates for standardized approaches, and encourages ...

  • Patched FortiGate Firewalls Hacked, Cisco RCE Probed

    A critical authentication bypass flaw (CVE-2025-59718) persists in Fortinet firewalls despite patches, while Cisco urgently addressed an exploited RCE vulnerability (CVE-2026-20045), highlighting ongoing challenges in securing network infrastructure. Sophisticated phishing targets the energy sect...

  • Dependency-Track: Open-Source Software Supply Chain Security

    Dependency-Track is an open-source platform that provides continuous, real-time monitoring of software supply chain risks by analyzing Software Bills of Materials (SBOMs) across an organization's entire portfolio. It identifies vulnerabilities, outdated components, and licensing issues by aggrega...

  • CISA Unveils New Tool to Secure Software Procurement

    The US Cybersecurity and Infrastructure Security Agency has launched a free interactive web tool to help organizations evaluate software assurance and manage supply chain risks during procurement. This tool adapts to user inputs, offering tailored security recommendations and generating exportabl...

  • Securing Farms from Cyber Threats: A John Deere CISO Q&A

    Modern agriculture relies heavily on interconnected, software-driven systems, making cybersecurity as critical as physical equipment to protect the supply chain from threats. John Deere employs a security-by-design approach, integrating protections from development through testing, and collaborat...

  • Unseen Dangers in Open-Source Software

    Open-source software underpins much of the digital world but poses significant security risks, as organizations often overlook vulnerabilities in the code they depend on daily. A study comparing open-source and proprietary software found varying vulnerability densities, with smaller projects like...

  • 300k+ Plex Servers Still Vulnerable to Attack, Git RCE Exploited

    Over 300,000 Plex Media Server systems remain vulnerable to attack due to an unpatched critical flaw, risking media libraries and personal data. Multiple sectors face active threats, including Git systems exploited for remote code execution and NetScaler devices targeted via a zero-day vulnerabil...

  • BeyondTrust's 2026 Cybersecurity Forecast: Key Trends Ahead

    The cybersecurity landscape is increasingly shaped by the convergence of identity management, AI, and geopolitical factors, with AI becoming a major attack vector due to hasty deployments and expanded vulnerabilities. Emerging trends include "AI Veganism" driving demand for transparency, digital ...

  • Linux's 2026 Dominance: The One Open-Source Giant at Risk

    The Linux desktop is seeing unprecedented growth as user dissatisfaction with Windows drives adoption, though fragmentation among distributions remains a challenge for newcomers. Major security and stability improvements are underway, including the adoption of the Rust programming language for me...

  • Secure Your Luxury Logistics: A Counterintelligence Approach

    In luxury logistics, protecting sensitive data like client identities and shipping routes is as crucial as securing physical cargo, requiring a multi-layered defense strategy. Key security measures include multi-factor authentication, endpoint protection, and employee training to combat threats l...

  • Critical Flaws Exposed in Smart Air Compressor

    Smart air compressors like the CAT-10020SMHAD with MDR2i controllers offer digital convenience but introduce cybersecurity risks, including vulnerabilities that could disrupt operations or manipulate data. Security flaws identified include hardcoded Wi-Fi passwords, unencrypted HTTP communication...

  • Groupe Rocher CISO: Modernizing Retail Cybersecurity

    Retail cybersecurity requires balancing data protection, network management, and consumer trust, while facing evolving threats across both online and in-store systems. A common misalignment exists between stated security goals and actual risks, necessitating proactive strategies like threat intel...

  • 2025's Top Cyber Threats: Ransomware, Outages & AI Attacks

    The 2025 digital threat landscape is dominated by sophisticated ransomware, third-party vendor disruptions, and AI-driven social engineering campaigns. AI is amplifying social engineering attacks, making them more convincing and accounting for over half of cyber claims and losses in early 2025. R...

  • DataLocker Enhances Security with DL GO & MySafeConsole

    DataLocker has launched the DL GO encrypted USB drive and MySafeConsole cloud platform, offering enterprise-level security features at an accessible price for individuals and small businesses. The DL GO drive uses AES-256 XTS hardware encryption, supports biometric authentication, and has a rugge...

  • DockerDash Exposes Critical AI Supply Chain Flaw

    A critical vulnerability named DockerDash in Docker's Ask Gordon AI assistant allows attackers to inject malicious commands via manipulated Docker image metadata, bypassing security due to a lack of validation. The flaw enables remote code execution in cloud/CLI environments and data exfiltration...

  • Top Cybersecurity Products Launched This Week: December 2025

    New cybersecurity tools launched this week focus on automating compliance, securing AI development, and managing third-party software risks to address evolving threats. Several companies introduced AI-specific security solutions, including platforms to protect AI-powered development stacks, gover...

  • Smart Grids Face Rising Cyber Threats as They Modernize

    The shift to decentralized smart grids dramatically expands the cybersecurity attack surface, as millions of distributed devices like EV chargers and solar inverters each become a potential entry point, demanding security built into every layer. Key vulnerabilities include compromised device firm...

  • Renault Notifies Customers of Supply Chain Data Breach

    Renault experienced a data breach through a third-party supplier, exposing personal details like names, contact information, and vehicle data, but its internal systems were not compromised. The stolen information increases the risk of targeted phishing attacks, prompting Renault to warn customers...

  • Quantify Cyber Risk to Win Executive Buy-In

    CISOs should translate cyber risks into financial terms to secure executive approval for security budgets by demonstrating potential monetary losses and investment returns. The evolving threat landscape includes AI-driven attacks and defenses, requiring constant vigilance and adaptation in cybers...

  • Global Tensions Escalate Cyber Threats

    Geopolitical tensions are increasingly fought in cyberspace, with state actors using digital operations to disrupt critical services and shape public opinion, raising the risk of escalation. Critical infrastructure is a primary target, as evidenced by real-world attacks on power grids and the use...

  • DMA Sparks Mobile Security Fears in Europe

    The EU's Digital Markets Act (DMA) mandates greater system interoperability for mobile platforms, which security experts warn could create new entry points for malicious actors and undermine foundational device security. Mandated access to core hardware and software functions risks compromising d...

  • AI Threats Target the Factory Floor

    The industrial cybersecurity landscape is shifting from static defenses to adaptive, AI-driven strategies that embed resilience directly into operational processes, recognizing security as a foundational necessity. Clear standards and legislation, like the EU AI Act, are elevating requirements fo...

  • Bugcrowd Boosts AI Security with Mayhem Acquisition

    Bugcrowd has acquired Mayhem Security to enhance AI-powered, human-in-the-loop security testing, enabling faster, safer software development and reduced operational costs. The acquisition combines Mayhem's AI-driven automation with Bugcrowd's crowdsourced human expertise to proactively identify a...

  • Insider Threats, Malware & AI: The Rising File Security Crisis

    File security breaches are escalating, causing significant financial losses, stolen data, and intellectual property exposure across organizations. Insider threats, weak access controls, and evolving malware like ransomware and zero-day threats are major vulnerabilities, with many companies lackin...

  • Open Source Reliance Grows, But Patching Lags Behind

    Open source software is foundational to enterprise tech but creates security risks, as incidents often stem from known vulnerabilities with existing but unapplied patches. The adoption of open source is developer-driven, embedding tools deeply into applications and leaving security teams to manag...

  • UK Warns Businesses of Escalating Cyber Threat

    The UK government is launching a campaign to push businesses, especially SMEs, to adopt basic cybersecurity measures, as data shows serious cyber incidents cost an average of £195,000 and half of small firms were attacked last year. The initiative directs companies to the government's Cyber Essen...

  • F5 Issues Critical Patches for Stolen BIG-IP Vulnerabilities

    F5 Networks issued critical security patches for its BIG-IP product line after a state-sponsored breach on August 9, 2025, which exposed proprietary source code and vulnerabilities, urging immediate installation to address 44 issues. The Cybersecurity and Infrastructure Security Agency (CISA) man...

  • Crafting an Effective Healthcare Cybersecurity Strategy

    Focus on foundational cybersecurity controls like vulnerability management and network segmentation to maximize protection with limited resources, as they offer high-impact risk reduction. Cultivate a strong cybersecurity culture through staff training, making the workforce a cost-effective first...

  • Firmus Announces A "Green AI Factory" In Tasmania

    Tasmania's "Green AI Factory" project by Firmus has drawn scrutiny for its contradictory branding and reliance on substantial public funding, raising concerns about its viability compared to past failed infrastructure projects. Claroty's 2025 cybersecurity report reveals that regulation is the pr...

  • CISA Proposes New SBOM Requirements Under Biden Administration

    CISA is updating the SBOM framework to enhance cybersecurity transparency and resilience in federal software supply chains, seeking public input by October 3, 2025. An SBOM provides a machine-readable inventory of software components and dependencies, initially mandated in 2021 following a presid...

  • Black Kite Launches AI-Driven Cyber Risk Assessments

    Black Kite introduces an AI-driven platform for third-party cyber risk management, automating vendor security assessments to replace outdated manual processes and deliver faster, more accurate insights. The platform uses AI to analyze existing documentation and technical data, generating comprehe...

  • #Infosec2025: Why Endpoint Security Remains Critical Against Evolving Threats

    Endpoint security is crucial as cyber threats target corporate devices, IoT, and supply chains, with gaps in protection leaving enterprises vulnerable. Identity breaches and compromised credentials are major attack vectors, exacerbated by poor patch management and BYOD policies. Modern EDR tools ...

  • Cisco Zero-Day Exploited, Kali Linux 2025.4 Released

    A critical zero-day vulnerability in Cisco's email security appliances is being actively exploited by a suspected Chinese-nexus group to compromise devices and erase logs, highlighting urgent patch management needs. Major vendors like Fortinet, SonicWall, and Apple are addressing serious, activel...

  • Malicious NuGet Packages Deploy Destructive Time Bombs

    Malicious packages on NuGet, uploaded by shanhai666, contain hidden payloads set to activate between 2027 and 2028, targeting database systems and Siemens industrial devices, with nearly 9,500 downloads before removal. The packages, including Sharp7Extend, mimic legitimate libraries to evade dete...

  • Top Cybersecurity Threats to Watch in 2025

    The cybersecurity landscape in 2025 will be shaped by sophisticated threats from AI-driven attacks, quantum computing risks, and aggressive geopolitical cyber campaigns. AI-powered tools enable autonomous threat agents to launch personalized phishing, adaptive malware, and large-scale attacks, wh...

  • OpenAI Teams with Broadcom to Develop Custom AI Chips

    OpenAI is partnering with Broadcom to develop custom AI chips, reducing reliance on Nvidia and enhancing performance for models like ChatGPT and Sora. The collaboration involves deploying 10 gigawatts of AI accelerators, highlighting the vast computational needs for training next-generation AI sy...

  • BeyondTrust RCE exploited post-patch, United CISO on resilience

    Cybersecurity resilience requires proactive continuity and modernization, especially for interconnected organizations facing rapidly exploited vulnerabilities like the BeyondTrust flaw (CVE-2026-1731) and zero-days used in high-stakes breaches. Major software vendors, including Microsoft and Appl...

  • Secure Your Shipyard: Modern OT Security for Major Projects

    The fluid, project-based nature of shipbuilding, with its rotating contractors and temporary systems, creates a constantly shifting threat surface that defies traditional static perimeter security models. Securing legacy operational technology (OT) that cannot be patched requires a focus on passi...

  • Rethinking Cybersecurity from the Silicon Up

    Traditional reactive cybersecurity, focused on software patches and detection, is insufficient against modern threats that target deeper hardware and firmware layers. A Hardware Root of Trust (HRoT) embedded in silicon provides a proactive, tamper-resistant foundation by actively validating hardw...

  • Critical 'React2Shell' Vulnerability Exposes React.js

    A critical vulnerability (CVE-2025-55182) in React.js and Next.js, dubbed React2Shell, allows unauthenticated remote code execution with a severity score of 10.0, posing a severe risk to servers. The flaw, exploitable via a simple HTTP request, impacts React Server Function endpoints and default ...