Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline.
The post Build Application Firewalls Aim to Stop the Next Supply Chain Attack appeared first on SecurityWeek.
AI Coding Agents Could Fuel Next Supply Chain Crisis
“TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises.
The post AI Coding Agents Could Fuel Next Supply Chain Crisis appeared first on SecurityWeek.
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.
The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on SecurityWeek.
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.
The post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data appeared first on SecurityWeek.
New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM
The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.
The post New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM appeared first on SecurityWeek.
RapidFort Raises $42M to Automate Software Supply Chain Security
The company will use the latest capital to scale its go-to-market efforts and expand its platform’s capabilities.
The post RapidFort Raises $42M to Automate Software Supply Chain Security appeared first on SecurityWeek.
eScan Antivirus Delivers Malware in Supply Chain Attack
Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers.
The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek.
‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks
The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution.
The post ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks appeared first on SecurityWeek.
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist
The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets.
The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek.
From Open Source to OpenAI: The Evolution of Third-Party Risk
From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting.
The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek.
