software supply chain attack Archives

#Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board

Richi Jennings | October 14, 2025 | android, Android 16, Android Application Hacking, Android attack, CVE-2025-48561, google, Pixnapping, Rowhammer, SB Blogwatch, Side-Channel, side-channel attack, side-channel attacks, software supply chain, software supply chain attack, software supply chain attacks

If at first you don’t succeed: Researchers discover a new way to steal secrets from Android apps ...

Security Boulevard

Supply Chain Ransomware Attack Hits Starbucks, UK Grocers

Jeffrey Burt | November 26, 2024 | Ransomware, software supply chain attack, Starbucks

Coffee store giant Starbucks was among other organizations affected by a ransomware attack this month on cloud managed service provider Blue Yonder, a Panasonic subsidiary that has more than 3,000 customers. Two ...

Security Boulevard

SolarWinds supply chain cybersecurity Unisys Avaya Check Point Mimecast fines

Judge Dismisses Most SEC Charges Against SolarWinds

Jeffrey Burt | July 19, 2024 | Securities and Exchange Commission, software supply chain attack, SolarWinds, Sunburst malware

A federal district court judge blew a hole in the SEC's case against SolarWinds, saying that while the company and its CISO could be tried for statements made before the high-profile Sunburst ...

Security Boulevard

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

A flock of ostriches (or is it a troop?)

WordPress Plugin Supply Chain Attack Gets Worse

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...

Security Boulevard

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...

Security Boulevard

Microsoft Windows malware software supply chain

The Cybersecurity Industry Starts Picking Through Malicious XZ Utils Code

Jeffrey Burt | April 1, 2024 | Linux, open source code, software supply chain attack

The open source community, federal agencies and cybersecurity researchers are busy trying to get their hands around the security near-miss of the backdoor found in versions of the popular XZ Utils data ...

Security Boulevard

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...

Security Boulevard

supply chain, SBOM, cybersecurity, SLSA organizations third party attacks supply chain supply chain ransomware The Kill Chain Model

Complex Supply Chain Attack Targets GitHub Developers

Jeffrey Burt | March 26, 2024 | developers, GitHub, software supply chain attack

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members ...

Security Boulevard

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...

Security Boulevard

software supply chain attack

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On