Tag: supply chain
500 articles
Microsoft Updates Disrupt Third-Party Backup Apps on Windows
Microsoft's latest Windows security update has caused disruptions to third-party backup apps, adding a vulnerable kernel driver to its blocklist to protect users from potential exploits. This change aims to prevent attackers from escalating privileges or executing arbitrary code, but has unfortunately caused failures in some backup products.
Iran's Shahed Drone Imposes Cost-Exchange Crisis on US Air Defences
Iran's massive production of Shahed drones, potentially reaching 400-500 units monthly, has transformed these once-nuisance weapons into a game-changing force that could redefine the US-Iran conflict. With Iranian and Russian facilities churning out over 200 units per month, the US air defenses now face a daunting cost-exchange crisis.
Grain Markets Expose National Security Fault Lines
Discover how global conflicts, from World War I to today, have exposed the shocking vulnerabilities of grain markets and national security, revealing the high stakes of protecting our food supply. Maritime chokepoints like the Dardanelles and Strait of Hormuz have repeatedly put grain supplies at risk, highlighting the urgent need for secure agricultural supply chains.
US Weapons Deliveries to Nordic Allies Hit by Middle East War
US weapons deliveries to Norway and other Nordic allies are facing potential delays due to the ongoing conflict in the Middle East, with Washington notifying Oslo of possible hold-ups. The delays, however, have not been officially confirmed, with US authorities stressing that no decision has been made yet.
CISA's Zero Trust Guidance Falls Short on Cost, Implementation Details
While CISA's new zero trust guidance for operational technology is a step in the right direction, it leaves critical questions unanswered - namely, who foots the bill and how do organizations actually implement it? The guidance gets high marks for technical thinking, but falls short on practical details like funding, timelines, and automation.
Malicious Ruby Gems, Go Modules Exploit CI Pipelines for Credential Theft
Malicious actors are targeting developers and CI pipelines with fake Ruby Gems and Go Modules, masquerading as familiar libraries to steal credentials. The campaign, linked to the GitHub account BufferZoneCorp, poses a significant threat to software supply chains.
Home Office Bolsters Passport Contract to £576M Amid Rising Demand
The Home Office has supercharged its passport production contract, boosting its value to £576 million as demand for passports continues to soar. This 12-year deal, worth £48 million annually, is a significant increase from the original £360 million estimate.
FCC Fortifies Telecom Rules to Combat Robocalling and Cyber Threats
The FCC is cracking down on telecom companies that aren't doing enough to stop robocalling and cyber threats, with Chair Brendan Carr slamming those who do the bare minimum to verify callers as complicit in illegal schemes. New rules aim to tighten verification and supply-chain security to protect US phone networks.
China Accelerates Indo-Pacific Push, Tests Regional Cohesion
As China's influence grows in the Indo-Pacific, regional states face a daunting dilemma: balancing economic opportunities with sovereignty and security concerns, making it increasingly likely they'll hedge their bets rather than fully commit to either side. This strategic tightrope walk will be especially challenging for Pacific island countries under strain from China's more aggressive pursuit of port access and maritime influence.
Malware Worms Into SAP, Intercom and Lightning Developer Tools
Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.
Socket Expands Supply-Chain Visibility with Secure Annex Acquisition
Socket is supercharging its supply-chain visibility with the acquisition of Secure Annex, a cutting-edge extension security startup, to give developers unprecedented control across the entire software development life cycle. This strategic move combines Socket's expertise in application dependencies with Secure Annex's innovative approach to browser and IDE extensions.
Brazilian DDoS Firm Exposes Own Security Breach
A Brazilian firm's bold admission about notifying major internet providers of massive DDoS attacks against small ISPs took an unexpected turn when evidence revealed a shocking security breach of its own. The company's CEO, Erick Nascimento, revealed that an intrusion in January 2026 compromised key servers and his personal security codes.
Satellite Firm Apex Unveils Software 'Secret Sauce' for Mass Production
Meet Octopus, Apex's game-changing software suite that powers the entire company, from forecasting and inventory to factory operations and even satellite tracking. This AI-driven secret sauce has transformed a small satellite bus into a thriving production line, and Apex CEO Ian Cinnamon credits it as their key differentiator.
Researchers Uncover Fast16 Malware's Stealthy Industrial Sabotage Role
Researchers have uncovered a highly sophisticated malware, Fast16, designed to secretly sabotage industrial operations by subtly manipulating critical calculations, leading to potentially catastrophic failures. This stealthy threat can silently spread across networks, altering results in high-precision applications and causing damage to real-world equipment.
FBI Warns of Surging Cyber-Enabled Cargo Theft Attacks
The FBI is sounding the alarm on a surge in cyber-enabled cargo theft, where sophisticated hackers impersonate legitimate businesses to hijack high-value shipments and reroute deliveries. With nearly $725 million in losses in 2025 alone, this growing threat is costing businesses big time.
Attackers Target New Assets Within Minutes of Exposure
The moment a new asset goes live with a public IP address, the clock starts ticking - and within minutes, attackers are circling, waiting to pounce on unsuspecting targets. In just 24 hours, a newly exposed asset can go from discovery to compromise, with threat actors exploiting vulnerabilities at an alarming rate.
cPanel Vulnerability Exposes Millions of Domains to Root Access Attacks
A critical cPanel vulnerability, rated 9.8 under CVSS, has been discovered, allowing attackers to craft a simple sequence of requests to bypass authentication and gain root access to servers, putting millions of domains at risk. Emergency patches are available to fix this gaping security flaw.
Quad Nations Urged to Share Critical-Mineral Intel
As China tightens its grip on rare earth elements, the US and its allies are racing to secure critical mineral supplies, but there's a glaring gap in their knowledge of global mineral flows. Can the Quad nations bridge this gap by sharing intelligence and turning cooperation into action?
SAP npm Packages Compromised in Supply-Chain Attack
Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.
UK Biobank Data Surfaces for Sale on Alibaba Amid Security Probe
UK Biobank data was mysteriously listed for sale on Alibaba, but thankfully, the listings were swiftly removed with the help of the UK and Chinese governments, and no sales were made. The sensitive data, which includes genomic information, health records, and medical imaging, had been shared with researchers but was de-identified to protect participants' identities.
OpenAI Drops Azure Exclusivity for Wider Enterprise Reach
OpenAI is shaking up its cloud distribution strategy, ending its exclusive partnership with Microsoft's Azure to reach more enterprises and meet them where they are. This move marks a significant shift for the AI company, allowing it to expand its reach beyond a single cloud provider.
North Korea Targets Developers with AI-Generated npm Malware
Security researchers have uncovered a sneaky malware campaign targeting developers, involving a malicious npm package called @validate-sdk/v2 that's designed to steal sensitive secrets, including crypto-wallet credentials. This tainted package, linked to a North Korean threat actor, was cleverly disguised as a utility SDK for legitimate tasks like hashing and validation.
AI-Assisted Code Targets Crypto Wallets via Malicious npm Dependency
Researchers have uncovered a sneaky malicious npm campaign, dubbed PromptMink, linked to North Korean hackers Famous Chollima, which targets crypto developers with fake utility packages that secretly steal sensitive info and funds. The campaign's clever tactics even involve an AI-assisted code commit to fly under the radar.
OAuth Breach Risks Expose AI-Driven Enterprise Vulnerability
A single misstep with a trial AI tool led to a major breach: a Vercel employee's casual OAuth grant to Context.ai created a lasting vulnerability that attackers exploited when Context.ai was compromised. This incident highlights the alarming ease with which AI-driven tools can become enterprise security weak spots.