software supply chain attacks

Imperva’s Wildest 2025 AppSec Predictions

| | AI, API security, Application Security, AppSec, GenAI, predictions, software supply chain attacks
Humans are spectacularly bad at predicting the future. Which is why, when someone appears to be able to do it on a regular basis, they are hailed as visionaries, luminaries and celebrated ...
Blog
A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

| | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
Security Boulevard

Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack

| | Application Security, Client-Side Protection, imperva, polyfill, software supply chain attacks
The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, ...
Blog
A flock of ostriches (or is it a troop?)

WordPress Plugin Supply Chain Attack Gets Worse

| | hacked WordPress, hacking wordpress, plug-in, plug-in vulnerability, plug-ins, rogue plug-in, SB Blogwatch, software supply chain, software supply chain attack, software supply chain attacks, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity, Themes and Plug-ins, wordpress, WordPress plug-in, wordpress plugin update, Wordpress Plugin Vulnerability, WordPress Plugin Vulnerability Exploitation, WordPress Plugins, WordPress Plugins and Themes
30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...
Security Boulevard
Extreme closeup of “TEN” on US$10 note

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

| | cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA KEV, cisa known exploited vulnerabilities, cisa known exploited vulnerabilities catalog, CISA Threat Update, CISA warning, CISA.gov, CVE-2023-7028, CVSS10, Cybersecurity Infrastructure Security Administration, GitLab, GitLab Community Edition, GitLab CVE-2023-7028 CVE-2023-5356, GitLab Enterprise Edition, GitLab Patches, GitLab Security, GitLab Vulnerability, NSA/CISA, Password reset, Password reset protection, SB Blogwatch, software supply chain, software supply chain attack, software supply chain attacks, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...
Security Boulevard
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
vulnerability management, thrat, Jenkins CI/CD vulnerability

Threat Groups Rush to Exploit JetBrains’ TeamCity CI/CD Security Flaws

| | BianLian, CI/CD Security, Ransomware, software supply chain attacks
The cyberthreats to users of JetBrains’ TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that ...
Security Boulevard
vulnerabilities, root cause, Microsoft Storm-1152 fake accounts CaaS

Russian Hackers Access Source Code in Ongoing Attack on Microsoft

| | Cybersecurity, Microsoft, software supply chain attacks
The Russian state-sponsored bad actors who hacked into the corporate email accounts of executives at Microsoft are taking another run at the IT giant, this time using information stolen then to access ...
Security Boulevard
A fork, wrapped in delicious pasta

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

| | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard

GitLab Security Patches: Safeguarding Your Data

| | code security, continuous-integration, Cyber Threats, Cybersecurity, Cybersecurity News, data integrity, DevOps Security, GitLab Security, GitLab Vulnerability, security best practices, security patches, software supply chain attacks, Vulnerability Management
GitLab recently released critical security upgrades in order to improve the security of its widely used open-source code repository and DevOps collaborative software development platform. These GitLab security patches are intended to ...
TuxCare
Load more