Security News

Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known...

A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that...

Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal Wiz security researchers think they've found the root cause of the GitHub supply chain attack that unfolded over the...

The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically...

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build...

Large organizations among those cleaning up the mess It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.…

Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them...

The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT)...

The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against...