Security News

Ex-US Air Force officer says companies shouldn't wait for govt mandates Interview Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from...

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the...

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something...

The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to...

How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and...

Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known...

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that...

Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal Wiz security researchers think they've found the root cause of the GitHub supply chain attack that unfolded over the...

The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically...