software supply chain attacks Archives

Microsoft Expands its Bug Bounty Program to Include Third-Party Code

Jeffrey Burt | December 12, 2025 | Artificial Intelligence (AI), Cloud computing security, log4jShell, Microsoft, microsoft bug bounty, open source software supply chain, React2Shell Attack, software supply chain attacks, SolarWinds Attacks, Third Party Risk

In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who ...

Security Boulevard

SolarWinds supply chain cybersecurity Unisys Avaya Check Point Mimecast fines

SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO

Jeffrey Burt | November 21, 2025 | Securities and Exchange Commission, software supply chain attacks, SolarWinds cybersecurity breach, Sunburst malware

The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which ...

Security Boulevard

#Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board

Richi Jennings | October 14, 2025 | android, Android 16, Android Application Hacking, Android attack, CVE-2025-48561, google, Pixnapping, Rowhammer, SB Blogwatch, Side-Channel, side-channel attack, side-channel attacks, software supply chain, software supply chain attack, software supply chain attacks

If at first you don’t succeed: Researchers discover a new way to steal secrets from Android apps ...

Security Boulevard

The New Perimeter is Your Supply Chain

Alan Shimel | September 26, 2025 | CI/CD pipeline compromise, Cloud-Native Application Security, cloud-native perimeter security, CNAPP security, DevOps Security, SBOM security, Sigstore provenance, SLSA Framework, software supply chain attacks, supply chain risk management

Alan examines why the software supply chain has become the new perimeter in cloud-native security. From SBOMs to SLSA and Sigstore, discover how leaders can defend against attacks that target dependencies, pipelines ...

Security Boulevard

Imperva’s Wildest 2025 AppSec Predictions

David Holmes | January 3, 2025 | AI, API security, Application Security, AppSec, GenAI, predictions, software supply chain attacks

Humans are spectacularly bad at predicting the future. Which is why, when someone appears to be able to do it on a regular basis, they are hailed as visionaries, luminaries and celebrated ...

Blog

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...

Security Boulevard

Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack

Erez Hasson | July 1, 2024 | Application Security, Client-Side Protection, imperva, polyfill, software supply chain attacks

The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, ...

Blog

A flock of ostriches (or is it a troop?)

software supply chain attacks

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On