Tag: supply chain
501 articles

Microsoft Patch Tuesday Addresses 167 Vulnerabilities, Fixes 2 Zero-Day Flaws
Microsoft's April Patch Tuesday update is a doozy, tackling a whopping 167 vulnerabilities, including two zero-day flaws that demand immediate attention. The question is, can you afford to wait - or do you need to act fast to safeguard your organization?

Rheinmetall Forges Missile Alliance with Destinus to Bolster European Defence Industry
Rheinmetall and Destinus are joining forces to create a game-changing missile systems joint venture, set to supercharge Europe's defence industry with cutting-edge capabilities. This powerful alliance aims to strengthen the continent's industrial base, drive innovation, and safeguard strategic autonomy.

Open-Source Silicon Initiative Aims to Bolster Hardware Trust
Imagine having a tiny chip inside your device that you can trust completely - one that's transparent, secure, and designed to put your mind at ease. The Baochip-1x, a groundbreaking open-source silicon project by Andrew "bunnie" Huang, aims to provide just that, giving developers an affordable and security-focused solution for building high-assurance embedded devices.

Mythos Exposes Software Backlog, Pressures Vendors on Patching
The Claude Mythos Preview has uncovered a harsh reality: artificial intelligence can spot long-known software defects faster than teams can fix them, revealing a massive backlog of vulnerabilities that could leave businesses exposed. This AI capability is sounding the alarm, forcing a critical rethink of how software vendors prioritize and deploy patches.

Pentagon Seeks Massive Munitions Boost Amid Industry Capacity Questions
The Pentagon is making a bold move, seeking a massive 188% boost in missile procurement, with a whopping $70.5 billion earmarked for munitions in its FY27 budget request. But can the industry keep pace, and how quickly can this ambitious plan translate into operational stockpiles?

Satellite Imagery Firm Curtails Mideast Coverage Amid Iran War
A commercial satellite-imagery firm, Planet, has started holding back images of the Middle East, including Iran and nearby conflict zones, under a 14-day delay - raising questions about who gets to know what, and when. This private policy change has significant public implications, especially amid rising tensions in the region.

OpenAI Rushes Updates for Mac Apps After Axios Hack Compromise
OpenAI recently issued urgent updates for its Mac apps after a developer tool inadvertently pulled in a malicious library, highlighting the risks of supply-chain vulnerabilities. Fortunately, the company assured that its systems and software integrity remained intact despite the incident.

France Accelerates Exodus from US Tech with Open-Source Push
France is taking a bold step towards digital independence, with a push to ditch American commercial software for open-source alternatives, and all government ministries are now racing against the clock to reduce their reliance on US tech by the fall. This move signals a growing unease among European governments about Silicon Valley's influence.

Impersonator Exploits Slack to Target Linux Developers
A clever impersonator tricked Linux developers on Slack by posing as a trusted official, leading them to click a link that seemed harmless but actually handed over their credentials and development environment. This sneaky attack used Google-hosted pages to disguise a bogus root certificate, catching developers off guard.

OpenAI Revokes macOS Certs Amid Supply Chain Breach Fallout
A recent supply chain breach has raised concerns about software trustworthiness, prompting OpenAI to revoke its macOS code-signing certificates after a malicious package was executed in its build pipeline. This swift action highlights the vulnerability of even the most secure systems to supply chain attacks.

FBI Disrupts W3LL Phishing Operation Linked to $20m in Fraud
The FBI has successfully dismantled a massive phishing operation built around the notorious W3LL phishing kit, which was linked to a staggering $20 million in fraud attempts. By taking down this operation, the bureau has disrupted a key tool used by cybercriminals to carry out their scams.

Rockstar Games Data Breached as ShinyHunters Exploits Third-Party Vulnerability
Rockstar Games has been hit by a data breach, with a notorious hacking group called ShinyHunters claiming it accessed sensitive information through a vulnerability in a third-party tool, rather than a complex hack. The group says it simply walked through an open door, exploiting access to Snowflake metrics to get to the data.

Lockheed Martin Expands Australian Missile Production
Lockheed Martin is taking a major step forward in Australian missile production, having successfully test-fired GMLRS rockets assembled in Australia - a milestone that marks a significant boost to the country's defense capabilities. But what does it really mean for a missile to be Australian-made when critical parts still come from overseas?

OpenAI Disrupts macOS App Signing Process After Supply Chain Breach
OpenAI recently took swift action to protect its users by revoking a macOS app certificate after discovering a malicious library had been downloaded through a GitHub Actions workflow used to sign its applications. This move highlights the vulnerability of even trusted software signing processes to supply chain breaches, and the importance of staying vigilant in macOS app security.

CPUID Compromised, Trojanized Software Deploys STX RAT
For one day in April, unsuspecting users who visited CPUID.com, a trusted site for hardware-monitoring tools, unknowingly downloaded trojanized software that deployed a malicious remote access trojan called STX RAT. The compromised software, including CPU-Z and HWMonitor, turned a trusted resource into a malware delivery vehicle.

Compromised Plugin Update Injects Backdoor into WordPress Sites
A widely used WordPress plugin, Smart Slider 3 Pro, was compromised when hackers hijacked its update system to push a poisoned version containing a backdoor, putting over 800,000 active installations at risk. This alarming breach raises critical questions about trust and security in the mechanisms we rely on to protect our online presence.

Leidos, Defense Unicorns to Validate Navy Ship Software Prototypes
The Navy has taken a crucial step in bringing innovative shipboard software to life by partnering with Leidos and Defense Unicorns to test and validate cutting-edge prototypes in a controlled lab environment. This strategic move aims to mitigate risks and ensure seamless integration of new systems at sea.

Australia's AFV Maintenance Plan Sparks Logistical Concerns
Sending armoured fighting vehicles to a distant repair hub raises eyebrows - it's like shipping Ukraine's tanks to Paris for a tune-up, an arrangement that's both illogical and unacceptable. Australia's plan to sustain its AFVs far from their base in Townsville is being called into question.

Quantum Computing Advances Accelerate Push to Secure Data
The timeline for securing our digital world is rapidly shrinking, driven by a triple threat of lightning-fast advances in quantum computing hardware, groundbreaking mathematical discoveries, and growing concerns about China's scientific progress. This perfect storm is pushing tech giants to urgently migrate to quantum-proof systems.

Court Upholds Pentagon Ban on Anthropic AI Models
In a significant ruling, a federal appeals court has sided with the Pentagon, allowing it to ban Anthropic's advanced AI models, including Claude, from defense contracts due to supply-chain risk concerns. This decision deals a blow to Anthropic's ambitions in the national defense space, at least for now.

AI Tools Accelerate Healthcare Cyber Threats, Experts Warn
As AI tools become more advanced, experts warn that they can also supercharge healthcare cyber threats, autonomously identifying and exploiting software flaws at unprecedented speeds. This could lead to a dramatic surge in attacks on hospitals, clinics, and patients, making the threat landscape more treacherous than ever.

Chinese Supercomputer Breach Exposes Massive 10-Petabyte Data Heist
A massive 10-petabyte data heist has been reported from a state-run Chinese supercomputer, raising urgent questions about the breach and its potential consequences. The staggering scale of the alleged theft has sparked widespread concern, but details about the incident remain scarce.

Hackers Exploit Smart Slider Plugin to Deploy Malicious Code
Hackers have hijacked the update system for the popular Smart Slider 3 Pro plugin, deploying a malicious release that lets them take control of affected websites. This alarming breach highlights the vulnerability of even trusted software update channels to exploitation.

Microsoft Abruptly Bans Top Open-Source Developers
Imagine being a leading open-source developer, only to be suddenly and silently locked out of your Microsoft developer account, with no warning, no emails, and no human contact - just automated blocks and a lengthy appeal wait. This is what recently happened to the creators of VeraCrypt and WireGuard, leaving their critical projects in limbo.