Tag: supply chain security
40 articles

Collaboration and AI: Stunning Best Defense for Agencies
Collaboration and AI are becoming the winning lifeline for federal agencies facing smarter, faster cyberattacks. By pairing shared threat intelligence with machine-speed detection and response, agencies can turn fragmented defenses into proactive, resilient security.

Security Leaders: Exclusive, Alarming Threat Evolution
Security leaders face an urgent choice: overhaul defenses now or accept a rising tide of risk. Threat evolution has accelerated — commodified crimeware, AI-driven automation and sprawling attack surfaces mean attackers are moving faster than most organizations can respond.

consulting GitLab instance: Must-Have Risky Breach Fixes
Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

cybersecurity executive order: Must-Have Best Guide
The June 6, 2025 cybersecurity executive order sets a clear — and urgent — blueprint for federal CISOs to accelerate zero‑trust, strengthen software supply chains, and tighten incident reporting while juggling legacy systems, budgets and mission continuity. Tune into our podcast briefing for practical steps, expert perspectives, and real-world playbooks to turn the EO from mandate into measurable security.

malicious npm code: Critical Risk, Must-Have Defenses
Think supply chain attacks are theoretical? Wiz found malicious npm code in about 10% of cloud environments — proof a single tainted dependency can ripple across services. Treat dependencies like security controls: use SBOMs, provenance checks, and runtime defenses to keep builds safe without slowing teams down.

5G cybersecurity Must-Have: Best Protection Guide
As 5G spreads, new cyber risks multiply—NCCoE’s latest white paper lays out practical, must-have principles to design secure 5G networks from the ground up. Whether you’re a tech leader or policymaker, this guide helps you balance innovation and safety to protect devices, data, and critical infrastructure.

Glasgow Council Services and Data Threatened by Supply Chain Incident
Glasgow Council faces potential data threats following a supply chain incident, impacting essential services and data security measures.

North Korea-Linked Cyberattack: 35 Malicious npm Packages Target Developers
North Korea-linked cyberattack reveals 35 malicious npm packages targeting developers, posing serious security risks and undermining software integrity.

Trump Administration Overhauls Cybersecurity Policy with a New Executive Order
Trump Administration overhauls cybersecurity policy with a new executive order to strengthen digital defenses and secure national infrastructure.

ISMG Editors: Infosecurity Europe Conference 2025 Wrap-Up
ISMG Editors wrap up Infosecurity Europe 2025 with key insights, trends, and expert takeaways shaping the future of cybersecurity.

Adidas confirms criminals stole data from customer service provider
Adidas confirms criminals stole data from its customer service provider, exposing sensitive customer info in a major security breach.

Cybercriminals Exploit Fake VPN and NSIS Installers to Distribute Winos 4.0 Malware
Cybercriminals exploit fake VPN and NSIS installers to spread Winos 4.0 malware, posing a major cybersecurity threat. Stay alert.

Dozens of malicious packages on NPM collect host and network data
Dozens of malicious NPM packages are covertly collecting host and network data, exposing developers to critical security risks and data breaches.

Broadcom Employee Records Exposed in Ransomware Assault on Payroll Provider
Ransomware attack on payroll provider exposes Broadcom employee records, raising cybersecurity concerns and data vulnerability risks.

Ivanti Remediates Two Actively Exploited Zero-Day Flaws as Intelligence Agency Issues Warning
Ivanti patches two actively exploited zero-day flaws as intelligence agencies warn of escalating cyber threats, urging rapid remediation.

Hitachi Vantara takes servers offline after Akira ransomware attack
Hitachi Vantara takes servers offline after an Akira ransomware attack, reinforcing cybersecurity and initiating risk mitigation measures.