Advertisement
npm Staged Publishing: New 2FA Controls Prevent Supply Chain Attacks
GitHub introduces staged publishing for npm, requiring manual 2FA approval for package releases to mitigate malicious automated updates and account takeovers.
AI BOMs in Security: CISO Guide to Usability & Influence
Explore how CISOs can effectively prepare for and integrate AI Bill of Materials (AI BOMs) into their modern security programs, influencing their generation for better
AI Bills of Materials: Essential for Proactive AI Supply Chain Security
Explore the emerging necessity of AI Bills of Materials (AI BOMs) to manage complex AI supply chain risks and enhance transparency in AI systems by 2026.
RubyGems Suspends Registrations Due to Malicious Package Influx
RubyGems maintainers suspended new user registrations after detecting an automated attack involving over 500 malicious packages targeting platform resources.
FCC Adjusts Foreign Router Ban: Supply Chain Security Implications
The FCC has modified its ban on non-compliant foreign-made routers, extending deadlines for federal agencies. This impacts government supply chain security efforts.
Boost Security Expands SDLC Defense via Strategic Acquisitions
Boost Security secures $4 million and acquires SecureIQx and Korbit.ai to streamline automated governance and security within the development lifecycle.
Cloudsmith Funding Boosts Software Supply Chain Security Efforts
Cloudsmith secures $72M in Series C funding to accelerate development of its software supply chain management platform, enhancing artifact security and integrity.
Vercel Data Breach: ShinyHunters Claim Theft of Next.js Creator Data
Vercel confirms a security incident following claims by ShinyHunters to sell stolen data for $2 million. Analyze the impact on Next.js and supply chains.
Asia's Digital Supply Chain Security: Regulatory Differences & AI Risks
Analyzes unique security risks in Asia's digital supply chain, highlighting challenges from regulatory disparities, interconnected ecosystems, and the rise of AI.
OpenAI Revokes macOS App Certificate Following Supply Chain Attack
OpenAI revokes its macOS app signing certificate after a GitHub Actions workflow downloaded a malicious Axios library version during a supply chain incident.
Open Source Security: Key Findings from 2025 Trust Report
Analysis of the 2025 State of Trusted Open Source Report, detailing prevalent vulnerabilities and consumption patterns in container images and language libraries.
Rising Automotive Cyber Threats: Protecting Connected & Autonomous Vehicles
Analysis of increasing cybersecurity risks to connected and autonomous vehicles, detailing attack vectors and actionable recommendations for enhanced defense.