Why the 2025 PyPI Attack Signals a New Era in Cloud Risk

The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats ...

CMMC is Here: Simplifying Compliance with Enclaves

A joint blog featuring CISO Global’s Compliance Team & PreVeil. The long-anticipated CMMC rule (CFR 32) is now live, marking a crucial turning point for defense contractors. The Compliance Team at CISO ...

Delivering Malware Through Abandoned Amazon S3 Buckets

Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still ...

Insights from the DeepSeek Malicious Software Package Incident: Why Software Supply Chain Security Matters in Global AI Technology Competition

Background: With the widespread application of AI technology, software supply chains are facing more complex and diverse security threats. Since January 2025, DeepSeek, as an emerging force in China’s AI industry, has ...

Celebrating our 2024 open-source contributions

While Trail of Bits is known for developing security tools like Slither, Medusa, and Fickling, our engineering efforts extend far beyond our own projects. Throughout 2024, our team has been deeply engaged ...

Exploited! Kerio Control’s HTTP Response Splitting Vulnerability (CVE-2024-52875)

IONIX is tracking CVE-2024-52875 and related vulnerabilities for Kerio Control: This post is based on ongoing security research – and will continue to be updated as we get additional information… What is ...

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has ...

Exploited! NuPoint Unified Messaging (NPM) Component of Mitel MiCollab

IONIX is tracking CVE-2024-41713 and related vulnerabilities for Mitel MiCollab NPM: This post is based on ongoing security research – and will continue to be updated as we get additional information… What ...

Cybersecurity is Everyone’s Responsibility

In our digital age, cybersecurity is a shared mission. Each of us has a part to play. By staying informed, adopting best practices and remaining alert, we can all contribute to a ...

Security Boulevard

The Global Effort to Maintain Supply Chain Security | Part Two

Various Cybersecurity Experts, CISO Global. A well-run kitchen requires a fully stocked pantry and a clear understanding of what’s on hand. In cybersecurity, your pantry is your asset inventory—every server, every piece ...