Tag: supply chain security
40 articles

Agencies Modernize Identity Infrastructure to Counter Emerging Threats
Federal agencies are racing against the clock to modernize their identity infrastructure, securing legacy systems while navigating the rapid evolution of AI and emerging post-quantum threats. As AI continues to advance at breakneck speed, agencies must build adaptable cybersecurity strategies to stay ahead of the threat landscape.

Pentagon Hits Pause on Cybersecurity Certification Requirements
The Pentagon has hit pause on its cybersecurity certification requirements, citing prohibitive compliance costs and bureaucratic burdens that could stifle innovation in the US defense industrial base. This 60-day suspension sparks a review that may reshape enforcement and acquisition rules for defense contractors.

AI Reshapes Software Supply Chain Security Risks
The software supply chain security landscape has dramatically shifted in just 20 months, with AI tools and models now integral to building, deploying, and running software - and bringing new risks to the table. The old question of "what's in your code?" has given way to a more complex concern: what happens when AI coding assistants and autonomous agents start suggesting or producing code?

Sainsbury's Expands Facial Recognition to Combat Shoplifting
Sainsbury's is taking a bold stance against shoplifting by expanding its facial recognition technology to nearly 200 stores by 2026, but is this move a step too far for customer privacy? The supermarket giant's system has already shown promising results, with 90 percent of identified individuals choosing not to return.

GitHub Bolsters Supply Chain Security by Blocking Pwn Request Patterns
GitHub is stepping up its game to protect your code by blocking common attack patterns on pull requests, helping to prevent security vulnerabilities from untrusted code. As of June 18, 2026, its actions/checkout v7 will refuse risky fork checkouts by default, keeping your workflows safer from attacker-controlled code.

China Tightens Grip on Supply-Chain Data
China's new regulations, effective April, are tightening controls on supply-chain data, with a focus on the intent behind data collection, not just what is collected. Authorities can now scrutinize the purpose of investigations and information gathering to ensure they align with Chinese laws and regulations.

Open Source Community Unprepared for EU's Cyber Resilience Act
The open source community is lagging behind on cybersecurity readiness, with stagnating awareness and a lack of preparedness for the EU's Cyber Resilience Act, which requires minimum security standards for hardware and software products by December 2027. It's time for urgent action to avoid falling short of compliance.

Apple Foils $11 Billion in App Store Fraud Over Six Years
Apple's vigilant efforts have paid off, blocking a whopping $11 billion in App Store fraud over the past six years, with a staggering $2.2 billion foiled in 2025 alone. The tech giant's winning combination of human review and cutting-edge tech has kept scammers at bay.

RubyGems Disrupts Signups Amid Malicious Package Surge
RubyGems has temporarily halted new account registrations amid a significant surge in malicious packages, with security experts warning of a major attack on the platform. The move comes as Mend.io, the organization responsible for securing RubyGems, works to contain the incident.

US Agencies Issue Zero Trust Guidance for OT Security
US government agencies have just released a game-changing guide to help protect critical infrastructure systems with practical, layered security strategies. The new zero-trust guidance provides a tailored approach for operational technology environments, balancing safety and uptime needs with robust security measures.

Cloudsmith Bolsters Software Supply-Chain Security with $72M Raise
Cloudsmith just secured $72 million to supercharge its artifact management platform and take software supply-chain security to the next level. With a strong artifact management layer in place, companies can enjoy the added benefit of a secure software supply chain.

Axios Breach Underscores Need for AI in Supply Chain Security
A single, sneaky change to a popular open-source software can spread like wildfire, infecting a staggering 100 million weekly downloads across businesses, startups, and government systems - and that's exactly what happened in a recent Axios breach. The lesson is clear: AI is no longer a nice-to-have, but a must-have for safeguarding supply chain security.

Report Exposes Open Source Vulnerability Trends
A new report, The State of Trusted Open Source, reveals eye-opening trends on open source vulnerability, shedding light on what teams consume and how those choices impact build artifacts and libraries. By analyzing real product data, it provides crucial insights into the open source components developers use every day.

Cyberattacks Pose Critical Threat to Retail Supply Chain
In today's interconnected retail landscape, a looming threat jeopardizes the smooth flow of goods: cyberattacks on the supply chain. A single weak link can bring down the entire ecosystem, leaving retailers and consumers vulnerable to disruption.

AI: Stunning Discovery of 12 Critical OpenSSL Flaws
An AI-assisted team quietly uncovered twelve critical OpenSSL vulnerabilities—ten from 2025 and two from 2026—triggering an emergency patch and proving machines can spot zero-days humans missed. It’s a relief they were responsibly disclosed, and a stark reminder of how fragile the internet’s cryptographic trust really is.

DoD Cloud Modernization Exclusive: Effortless Security
DoD Cloud Modernization can deliver faster decisions, resilient logistics, and stronger security—but only if we stop equating lift-and-shift with modernization. Re-architecting apps, automating defenses, and embracing DevSecOps will turn cloud promise into real protection for soldiers, allies, and critical supply chains.

Trump Administration Exclusive: Bold New AI Order
The new AI executive order is a wake-up call: act now to codify controls, inventory models and shore up your supply chain, or risk falling behind on contracts, compliance and customer trust. Turn regulatory pressure into a competitive advantage by updating development lifecycles and governance today.

Security Leaders Exclusive: Critical Take on Marquis Breach
Nearly 250,000 Americans had their tax‑credit records exposed in the Marquis breach — a wake‑up call that this wasnt just a technical slip but a systemic security failure companies, regulators, and consumers must fix together. Experts break down what went wrong, who’s accountable, and the urgent steps to protect victims and prevent the next catastrophe.

Prompt Injection Through Poetry: Exclusive Best Defenses
What if a poem could fool the guard? New research shows adversarial verse — and even $5 expired-domain hijacks — can cheaply and reliably bypass model guardrails, turning style and supply-chain trust into a dangerous new attack surface.

UK Cyber Resilience Bill: Exclusive Critical Provisions
Take an exclusive look at the UK Cyber Resilience Bill’s critical provisions. From privacy-by-design and data limits to distributed trust and independent oversight, Parliament’s choices will decide whether our digital infrastructure becomes truly resilient or merely shifts risk around.

UK Government Must-Have Cyber Security Bill Is Best Step
The UKs Cyber Security and Resilience Bill is a long‑overdue reboot that modernizes rules, speeds incident reporting, and boosts enforcement and NCSC powers to better protect critical services, supply chains and everyday life from increasingly sophisticated cyber threats.

Xi Jinping Exclusive: Damaging Joke on Xiaomi Backdoors
Xi Jinpings offhand joke about Xiaomi backdoors — met with a laugh from South Koreas president — turned a light moment into a diplomatic ripple, reigniting real doubts about device security and supply‑chain vulnerabilities.

MSP Cybersecurity Must-Have: Best Practices for Growth
Managed service providers can turn mounting cybersecurity pressure into growth by delivering scalable, repeatable security and clear proof of remediation. Meet clients demands for patch logs, backup safeguards, and third‑party validation—and you protect customers while standing out in a crowded market.

Tata Consultancy Services Exclusive Denies Critical M&S Loss
Tata Consultancy Services says: follow the timeline — its service‑desk contract with Marks & Spencer ended before the cyber intrusion, so the two events shouldn’t be conflated. That timing could dramatically shift the legal, regulatory and reputational fallout.