A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek.
Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.
The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek.
Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.
The post Manifest Raises $15 Million for SBOM Management Platform appeared first on SecurityWeek.
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek.
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.