Topic: supply chain security
UK Warns Businesses of Escalating Cyber Threat
The UK government is launching a campaign to push businesses, especially SMEs, to adopt basic cybersecurity measures, as data shows serious cyber incidents cost an average of £195,000 and half of small firms were attacked last year. The initiative directs companies to the government's Cyber Essen...
Open Source Reliance Grows, But Patching Lags Behind
Open source software is foundational to enterprise tech but creates security risks, as incidents often stem from known vulnerabilities with existing but unapplied patches. The adoption of open source is developer-driven, embedding tools deeply into applications and leaving security teams to manag...
Keenadu Backdoor Infects Android Firmware and Google Play Apps
A sophisticated Android malware named Keenadu, deeply embedded in device firmware, grants attackers full control to compromise all apps and steal sensitive user data, including banking credentials and private browsing activity. The malware spreads through multiple channels, including compromised ...
BeyondTrust RCE exploited post-patch, United CISO on resilience
Cybersecurity resilience requires proactive continuity and modernization, especially for interconnected organizations facing rapidly exploited vulnerabilities like the BeyondTrust flaw (CVE-2026-1731) and zero-days used in high-stakes breaches. Major software vendors, including Microsoft and Appl...
Groupe Rocher CISO: Modernizing Retail Cybersecurity
Retail cybersecurity requires balancing data protection, network management, and consumer trust, while facing evolving threats across both online and in-store systems. A common misalignment exists between stated security goals and actual risks, necessitating proactive strategies like threat intel...
DockerDash Exposes Critical AI Supply Chain Flaw
A critical vulnerability named DockerDash in Docker's Ask Gordon AI assistant allows attackers to inject malicious commands via manipulated Docker image metadata, bypassing security due to a lack of validation. The flaw enables remote code execution in cloud/CLI environments and data exfiltration...
Patched FortiGate Firewalls Hacked, Cisco RCE Probed
A critical authentication bypass flaw (CVE-2025-59718) persists in Fortinet firewalls despite patches, while Cisco urgently addressed an exploited RCE vulnerability (CVE-2026-20045), highlighting ongoing challenges in securing network infrastructure. Sophisticated phishing targets the energy sect...
NHS Demands Urgent Cybersecurity Upgrades in Open Letter
The UK's NHS is adopting a more structured, mandatory strategy to strengthen cybersecurity across healthcare, moving beyond previous voluntary measures to directly engage technology suppliers. This initiative is a collaborative partnership focused on identifying supply chain risks and agreeing on...
Global Tensions Escalate Cyber Threats
Geopolitical tensions are increasingly fought in cyberspace, with state actors using digital operations to disrupt critical services and shape public opinion, raising the risk of escalation. Critical infrastructure is a primary target, as evidenced by real-world attacks on power grids and the use...
SpyCloud Exposes Vendor Identity Risk with New Supply Chain Protection
SpyCloud's new platform addresses supply chain attacks by extending identity threat defense to third-party vendors, using actionable intelligence from the criminal underground to move beyond passive risk observation. The solution is critical as third-party involvement in data breaches has doubled...
US Cargo Firm Exposes Shipping Systems and Customer Data Online
Security experts warn that cyberattacks on logistics firms are enabling large-scale cargo theft, creating a dangerous alliance between hackers and organized crime that threatens global supply chains. A researcher discovered severe vulnerabilities in Bluspark Global's shipping software, including ...
Secure Your Shipyard: Modern OT Security for Major Projects
The fluid, project-based nature of shipbuilding, with its rotating contractors and temporary systems, creates a constantly shifting threat surface that defies traditional static perimeter security models. Securing legacy operational technology (OT) that cannot be patched requires a focus on passi...
Rethinking Cybersecurity from the Silicon Up
Traditional reactive cybersecurity, focused on software patches and detection, is insufficient against modern threats that target deeper hardware and firmware layers. A Hardware Root of Trust (HRoT) embedded in silicon provides a proactive, tamper-resistant foundation by actively validating hardw...
Beware: VSCode Forks Risk "Recommended Extension" Attacks
A security flaw in popular AI-assisted IDEs (like Cursor and Windsurf) stems from their inherited "recommended extension" lists pointing to Microsoft's marketplace, which they cannot access, leaving unclaimed namespaces vulnerable to malicious takeover on the OpenVSX registry they use instead. Th...
Linux's 2026 Dominance: The One Open-Source Giant at Risk
The Linux desktop is seeing unprecedented growth as user dissatisfaction with Windows drives adoption, though fragmentation among distributions remains a challenge for newcomers. Major security and stability improvements are underway, including the adoption of the Rust programming language for me...
Cisco Zero-Day Exploited, Kali Linux 2025.4 Released
A critical zero-day vulnerability in Cisco's email security appliances is being actively exploited by a suspected Chinese-nexus group to compromise devices and erase logs, highlighting urgent patch management needs. Major vendors like Fortinet, SonicWall, and Apple are addressing serious, activel...
ISACA to Oversee DoD's CMMC Cybersecurity Credentialing
The U.S. Department of Defense has appointed ISACA as the exclusive global authority to oversee training, examination, and certification for all professionals within the CMMC program. The CMMC program mandates that all organizations working with the DoD achieve certification by 2028, impacting ov...
DMA Sparks Mobile Security Fears in Europe
The EU's Digital Markets Act (DMA) mandates greater system interoperability for mobile platforms, which security experts warn could create new entry points for malicious actors and undermine foundational device security. Mandated access to core hardware and software functions risks compromising d...
NCSC Playbook: Embedding Cyber Essentials in Supply Chains
UK authorities are urging businesses to strengthen supply chain security by integrating the Cyber Essentials certification into procurement, supported by a new NCSC playbook and a Supplier Check tool for verification. The initiative addresses significant risk, as only 14% of firms fully understan...
UK Fines LastPass £1.2 Million Over 2022 Data Breach
The UK's Information Commissioner's Office fined LastPass £1.2 million for failing to protect user data, leading to a 2022 breach that compromised personal details of 1.6 million individuals. The breach occurred through a multi-stage attack where a hacker compromised an employee's device, stole e...
Top Cybersecurity Products Launched This Week: December 2025
New cybersecurity tools launched this week focus on automating compliance, securing AI development, and managing third-party software risks to address evolving threats. Several companies introduced AI-specific security solutions, including platforms to protect AI-powered development stacks, gover...
AI Threats Target the Factory Floor
The industrial cybersecurity landscape is shifting from static defenses to adaptive, AI-driven strategies that embed resilience directly into operational processes, recognizing security as a foundational necessity. Clear standards and legislation, like the EU AI Act, are elevating requirements fo...
Critical 'React2Shell' Vulnerability Exposes React.js
A critical vulnerability (CVE-2025-55182) in React.js and Next.js, dubbed React2Shell, allows unauthenticated remote code execution with a severity score of 10.0, posing a severe risk to servers. The flaw, exploitable via a simple HTTP request, impacts React Server Function endpoints and default ...
Smart Grids Face Rising Cyber Threats as They Modernize
The shift to decentralized smart grids dramatically expands the cybersecurity attack surface, as millions of distributed devices like EV chargers and solar inverters each become a potential entry point, demanding security built into every layer. Key vulnerabilities include compromised device firm...
Top Cybersecurity Jobs Hiring Now | December 2025
The global demand for skilled cybersecurity professionals is exceptionally high across all sectors and experience levels, creating diverse career opportunities. The field encompasses a wide variety of specialized roles, including positions like Application Security Manager, Cloud Security Archite...
Trend Vision One: Proactive AI Security for Your Environment
Trend Vision One's AI Security Package, launching in December, provides centralized exposure management and protection across the entire AI application lifecycle, from development to runtime operations. The solution addresses the limitations of conventional security tools by offering specialized ...
Urgent: FortiWeb Flaw Exploited, Logitech Breach Exposed
A critical vulnerability in FortiWeb (CVE-2025-58034) is being actively exploited due to a stealth patch that left many administrators unaware of the necessary update. Logitech confirmed a data breach affecting limited employee and customer details, while a widespread Cloudflare outage disrupted ...
EU Cybersecurity Rules: A Game Developer's Essential Guide
The video game industry faces escalating cyber threats, including attacks on in-game economies and data breaches, which can damage player trust and company reputations. New EU regulations, specifically the NIS2 Directive and the Cyber Resilience Act, impose strict cybersecurity obligations on gam...
Windows Kernel Flaw Fixed, Fortinet Zero-Day Exploited
Cybersecurity demands constant vigilance against evolving threats like zero-day exploits and requires organizations to adopt layered defense strategies that combine awareness, collaboration, and resilience. Emerging technologies are reshaping security, with innovations such as touchless Wi-Fi ent...
Secure Your Luxury Logistics: A Counterintelligence Approach
In luxury logistics, protecting sensitive data like client identities and shipping routes is as crucial as securing physical cargo, requiring a multi-layered defense strategy. Key security measures include multi-factor authentication, endpoint protection, and employee training to combat threats l...
Malicious NuGet Packages Deploy Destructive Time Bombs
Malicious packages on NuGet, uploaded by shanhai666, contain hidden payloads set to activate between 2027 and 2028, targeting database systems and Siemens industrial devices, with nearly 9,500 downloads before removal. The packages, including Sharp7Extend, mimic legitimate libraries to evade dete...
Bugcrowd Boosts AI Security with Mayhem Acquisition
Bugcrowd has acquired Mayhem Security to enhance AI-powered, human-in-the-loop security testing, enabling faster, safer software development and reduced operational costs. The acquisition combines Mayhem's AI-driven automation with Bugcrowd's crowdsourced human expertise to proactively identify a...
Heisenberg: Secure Your Open-Source Software Supply Chain
Heisenberg transforms static Software Bills of Materials (SBOMs) into dynamic defense tools by evaluating dependency health using data from deps.dev, SBOMs, and security advisories to provide risk assessments and reports. It proactively identifies suspicious packages by analyzing factors like age...
Australian Trio Unveils 360-Degree Security for Sensitive Logistics
Three Australian firms—ORCA Opti, DNH Logistics, and Aurora Materials—have partnered to implement a zero-trust security model for sensitive logistics in defence and pharmaceuticals, addressing both digital and physical vulnerabilities. ORCA Opti provides automated cyber information storage for se...
BeyondTrust's 2026 Cybersecurity Forecast: Key Trends Ahead
The cybersecurity landscape is increasingly shaped by the convergence of identity management, AI, and geopolitical factors, with AI becoming a major attack vector due to hasty deployments and expanded vulnerabilities. Emerging trends include "AI Veganism" driving demand for transparency, digital ...
Top Cybersecurity Threats to Watch in 2025
The cybersecurity landscape in 2025 will be shaped by sophisticated threats from AI-driven attacks, quantum computing risks, and aggressive geopolitical cyber campaigns. AI-powered tools enable autonomous threat agents to launch personalized phishing, adaptive malware, and large-scale attacks, wh...
Dependency-Track: Open-Source Software Supply Chain Security
Dependency-Track is an open-source platform that provides continuous, real-time monitoring of software supply chain risks by analyzing Software Bills of Materials (SBOMs) across an organization's entire portfolio. It identifies vulnerabilities, outdated components, and licensing issues by aggrega...
Critical Flaws Exposed in Smart Air Compressor
Smart air compressors like the CAT-10020SMHAD with MDR2i controllers offer digital convenience but introduce cybersecurity risks, including vulnerabilities that could disrupt operations or manipulate data. Security flaws identified include hardcoded Wi-Fi passwords, unencrypted HTTP communication...
F5 Issues Critical Patches for Stolen BIG-IP Vulnerabilities
F5 Networks issued critical security patches for its BIG-IP product line after a state-sponsored breach on August 9, 2025, which exposed proprietary source code and vulnerabilities, urging immediate installation to address 44 issues. The Cybersecurity and Infrastructure Security Agency (CISA) man...
Crafting an Effective Healthcare Cybersecurity Strategy
Focus on foundational cybersecurity controls like vulnerability management and network segmentation to maximize protection with limited resources, as they offer high-impact risk reduction. Cultivate a strong cybersecurity culture through staff training, making the workforce a cost-effective first...
Firmus Announces A "Green AI Factory" In Tasmania
Tasmania's "Green AI Factory" project by Firmus has drawn scrutiny for its contradictory branding and reliance on substantial public funding, raising concerns about its viability compared to past failed infrastructure projects. Claroty's 2025 cybersecurity report reveals that regulation is the pr...
OpenAI Teams with Broadcom to Develop Custom AI Chips
OpenAI is partnering with Broadcom to develop custom AI chips, reducing reliance on Nvidia and enhancing performance for models like ChatGPT and Sora. The collaboration involves deploying 10 gigawatts of AI accelerators, highlighting the vast computational needs for training next-generation AI sy...
Renault Notifies Customers of Supply Chain Data Breach
Renault experienced a data breach through a third-party supplier, exposing personal details like names, contact information, and vehicle data, but its internal systems were not compromised. The stolen information increases the risk of targeted phishing attacks, prompting Renault to warn customers...
Unseen Dangers in Open-Source Software
Open-source software underpins much of the digital world but poses significant security risks, as organizations often overlook vulnerabilities in the code they depend on daily. A study comparing open-source and proprietary software found varying vulnerability densities, with smaller projects like...
Quantify Cyber Risk to Win Executive Buy-In
CISOs should translate cyber risks into financial terms to secure executive approval for security budgets by demonstrating potential monetary losses and investment returns. The evolving threat landscape includes AI-driven attacks and defenses, requiring constant vigilance and adaptation in cybers...
Taiwan Faces Pressure to Shift Chip Production to US
The US is urging Taiwan to relocate 50% of its advanced semiconductor manufacturing to American soil, framing it as a strategic necessity for Taiwan's security and a condition for continued US protection against China. This move aims to address the vulnerability of the global supply chain, as Tai...
Cisco ASA Zero-Day & Fortra GoAnywhere Under Active Attack
A wave of sophisticated cyberattacks is exploiting newly discovered zero-day vulnerabilities in critical enterprise infrastructure, including Cisco's ASA and Fortra's GoAnywhere, posing significant risks to organizational networks and sensitive data. Law firms are increasingly targeted by cybercr...
2025's Top Cyber Threats: Ransomware, Outages & AI Attacks
The 2025 digital threat landscape is dominated by sophisticated ransomware, third-party vendor disruptions, and AI-driven social engineering campaigns. AI is amplifying social engineering attacks, making them more convincing and accounting for over half of cyber claims and losses in early 2025. R...
DataLocker Enhances Security with DL GO & MySafeConsole
DataLocker has launched the DL GO encrypted USB drive and MySafeConsole cloud platform, offering enterprise-level security features at an accessible price for individuals and small businesses. The DL GO drive uses AES-256 XTS hardware encryption, supports biometric authentication, and has a rugge...
Insider Threats, Malware & AI: The Rising File Security Crisis
File security breaches are escalating, causing significant financial losses, stolen data, and intellectual property exposure across organizations. Insider threats, weak access controls, and evolving malware like ransomware and zero-day threats are major vulnerabilities, with many companies lackin...