Skip to main content

Tag: supply chain

823 articles

Bootloader circuit board with microcontroller and components on a neutral background.

U-Boot Flaws Expose Devices to Code Execution, Crashes

Six newly discovered flaws in U-Boot, a widely used bootloader, leave devices from home routers to data-center servers vulnerable to code execution and crashes, posing a significant risk to everything that loads after it. These vulnerabilities can be exploited before the operating system even starts, undermining the entire security chain.

Analyst 207
Developer workstation with code on laptop screen and GitHub/npm interface in background.

GitHub Compromise Injects Malicious npm Packages with Wallet-Key-Stealing Code

A malicious actor hijacked a trusted GitHub account and used it to inject wallet-key-stealing code into 18 npm packages, including Injective Labs' SDK, by exploiting the project's pipeline. This sneaky move allowed the attacker to spread the backdoor through a series of seemingly legitimate updates.

Analyst 207
Blurred laptop on minimalist desk in neutral room conveys vulnerability.

AI Agents Expose Identity Security Gap

The alarming truth is that security systems, designed with people in mind, are failing to protect against AI agents - and the consequences are stark. A single compromised machine identity can become a gateway to a vast array of sensitive information, as a recent breach involving an OAuth token and hundreds of organizations painfully illustrates.

Analyst 207
Person sitting at desk, speaking on phone with concerned expression, blurred computer screen in background.

Hackers Exploit Microsoft Entra Passkey Enrollment in Voice Phishing Attacks

Hackers are using voice phishing attacks to trick Microsoft 365 users into enrolling a new Entra passkey, targeting multiple sectors including food and beverage, technology, and healthcare. They're registering domains with the word "passkey" to convincingly pose as legitimate Microsoft representatives.

Analyst 207
Courthouse interior with judge's bench and row of chairs under natural daylight.

Ex-Con Ransomware Negotiator Sentenced for BlackCat Attacks

A former ransomware negotiator, Angelo Martino, has been sentenced to 70 months in prison for his role in a string of BlackCat ransomware attacks that targeted multiple victims between 2023 and 2025. Martino's guilty plea brings to justice a key player in the notorious ALPHV ransomware gang.

Analyst 207
Students and instructor in a university classroom with educational equipment and diagrams, surrounded by natural daylight.

Australia Urged to Cultivate Domestic Critical Minerals Workforce

Australia's mining sector is facing a critical shortage of skilled workers, with a 63% skills gap in 2022, and recent university closures are exacerbating the problem, threatening to leave valuable mines and processing plants idle. The country lags far behind China, which churns out 3,000 mining engineering graduates annually from 45 programs.

Analyst 207
Straight highway and railway track stretch into the distance across a vast, open Australian landscape.

Australia's Strategic Focus Shifts to Endurance Over Efficiency in Infrastructure Investment

Imagine a 2,700 km corridor that connects Darwin to Port Augusta, but it's more than just a highway - it's a complex system that supports defence, freight, and community needs across northern Australia. This critical infrastructure, known as the Stuart corridor, is a lifeline that weaves together highways, railways, fuel storage, telecommunications, and industrial supply chains.

Analyst 207
Cluttered home office workspace with disrupted laptop and scattered papers.

OpenMandriva Linux Project Hit by Sabotage Attempt

Davide Beatrici, a leading developer of the Mumble app, has denied allegations of sabotage against the OpenMandriva Linux Project, claiming his actions were deliberate but not malicious. He admitted to deleting key repositories and pushing a package, but insists his moves were targeted, not hurtful.

Analyst 207
A developer's clutter-free workstation with laptop, notebook, and coffee cup, set against a blurred background with a hint…

npm Package Infects Developers with Cryptocurrency Wallet Stealer

A malicious npm package, downloaded a staggering 50,000 times weekly, was briefly infected with code that stole cryptocurrency wallet private keys and sensitive seed phrases, putting countless developers at risk. The attack was launched after a contributor's GitHub account was compromised, allowing the hackers to spread the poisoned code across multiple projects.

Analyst 207
Engineers work on a prototype turbofan engine in a clean-room setting with tools and equipment nearby.

Turkey's TEI Advances Domestic Turbofan to Break Ukraine Engine Chokepoint

Turkey's TEI is making significant strides in developing its domestic turbofan engine, with plans to deliver the TF6000 to Baykar and Turkish Aerospace Industries by early 2027 for pre-integration testing. This milestone marks a crucial step towards breaking Ukraine's engine chokepoint and advancing Turkey's aerospace capabilities.

Analyst 207
Cluttered home office desk with a lit computer terminal.

GitHub Accounts Used to Map Corporate Orgs in Stealthy Campaigns

Cyber attackers are using sneaky tactics, leveraging old or compromised GitHub accounts, to secretly map out corporate organizations and steal sensitive data. They're exploiting loopholes with automated tools and stolen tokens to quietly gather intel from GitHub APIs.

Analyst 207
Developer workstation with laptop and notes, package manager interface on screen.

GitHub npm Tightens Security With Disabled Install Scripts

GitHub's latest npm update takes a giant leap in security by disabling install scripts by default, reducing supply-chain risks and giving developers more control. To adapt, plan to switch to trusted publishing or staged publishing with human approval for automated publishing.

Analyst 207
Secure software development facility with rows of computer servers and workstations, amidst open-source project screens and…

Clearinghouses Race to Remediate Pre-Disclosure Vulnerabilities

Chainguard's Athena clearinghouse has been quietly remediating vulnerabilities for months, converting findings into fixes at an incredible pace, with a one-day SLA on actively exploited vulnerabilities and over 100,000 issues resolved so far. This swift action comes as the threat landscape accelerates, with the mean time to exploit now estimated at just -7 days.

Analyst 207
Developer workstation with laptop, monitor, and coding environment on a cluttered office desk.

AI Coding Assistants Expose Flaw in Approval Process

Researchers have uncovered a shocking flaw, dubbed GhostApproval, that affects six major AI coding assistants, allowing malicious code to bypass approval prompts and wreak havoc on a developer's machine. This vulnerability can be exploited through a clever use of symbolic links, posing a significant risk to developers who rely on these tools.

Analyst 207
Taiwanese representatives excluded from formal international meeting.

Beijing Intensifies Campaign to Isolate Taiwan

Beijing's campaign to isolate Taiwan has taken a more sinister turn, with everyday obstruction and procedural meddling making it increasingly costly for Taipei to engage with the world. From botched visas to high-profile exclusions, China's tactics are raising the stakes and making Taiwan's isolation a harsh reality.

Analyst 207
Chinese military logistics hub with AI systems, showcasing potential wartime vulnerabilities.

China's Military AI Logistics Expose New Vulnerabilities in War

China's military is betting big on artificial intelligence to supercharge its logistics, but this bold move may backfire in the chaos of war, creating vulnerable chokepoints that could leave its operations crippled. Mike Tyson's famous words - "everybody has a plan until they get punched in the face" - are particularly apt for Beijing's high-stakes gamble.

Analyst 207
Factory floor with machinery and equipment for manufacturing missile components.

Ukraine's Patriot Missile Production Hinges on Complex Supply Chain

In a surprise move, President Trump offered Ukraine a license to produce Patriot missile interceptors, a deal that could bolster the country's defenses, with the US also pledging to provide additional interceptors from its existing stockpile. The unexpected agreement was reached during a meeting between Trump and Ukrainian President Zelensky at the NATO Summit in Ankara, Turkey.

Analyst 207
Rocket engine on a workbench surrounded by tools and technicians in a modern industrial setting.

Venus Aerospace Secures $91 Million for Rocket Engine Production Scale-Up

Venus Aerospace is poised to supercharge its rocket engine production with a whopping $91 million in new funding, led by Mercury Fund and backed by Lockheed Martin Ventures. This major investment will help the Houston startup scale up to meet soaring demand from commercial and government clients.

Analyst 207
Dimly lit government office with blurred computer screen and hint of ID card.

AssuranceAmerica Breach Exposes 6.9 Million Driver Records

On March 17, 2026, AssuranceAmerica detected a security breach that put 6.9 million driver records at risk, allegedly caused by a malicious attack on one of its employees on March 16, 2026. The company has begun notifying affected individuals about the breach.

Analyst 207
Three individuals in business casual attire walk through a campus quad carrying laptops with antennas, surrounded by…

Red Teamer Exploits Trust to Steal Priceless Trophy

Imagine walking onto a secure campus with equipment in plain sight and a convincing story, and having employees roll out the red carpet - literally. A professional red teamer and his colleagues did just that, effortlessly gaining access to a Fortune 500 company's high-security site by exploiting one simple vulnerability: trust.

Analyst 207
Developer workstation with laptop, terminal, and papers, in a research area with a blurred background.

AI Coding Assistants Exposed to Symlink Flaw

Researchers uncovered a major vulnerability, dubbed GhostApproval, that affects six popular AI coding assistants, allowing attackers to manipulate the code and write malicious data into sensitive files. This flaw uses a clever trick involving deceptively named files and symbolic links to catch AI assistants off guard.

Analyst 207
University server room with rows of computer equipment and subtle hints of a security breach.

Chinese Spies Exploit Roundcube Flaw to Breach University Servers

A recent series of university server breaches, attributed to a group called UNK_MassTraction, has exposed vulnerabilities in North American higher-education institutions, with potentially dozens more affected. The breach, linked to a flaw in Roundcube, is believed to be an ongoing campaign.

Analyst 207
Diverse international experts gather in a well-lit collaborative workspace.

Paris Peace Forum Launches Global Hub to Track AI Cyber Threats

The Paris Peace Forum is tackling the growing threat of AI-driven cyber attacks by launching INTAiC, a groundbreaking global hub that unites experts from two previously separate spheres: network defense and AI security. By bridging this gap, INTAiC aims to provide a unified front against the evolving risks to global internet infrastructure.

Analyst 207
University hallway with generic furnishings and decor, daytime scene.

Hackers Exploit Roundcube Flaw to Target Academic Researchers

A new wave of cyber attacks linked to China is targeting academic researchers in the US and Canada, specifically those in physics, engineering, and national security-related fields, by exploiting a vulnerability in Roundcube webmail servers. The campaign, tracked as 'UNK_MassTraction', has been ongoing since May and has already hit several universities.

Analyst 207