supply chain Archives

CrowdStrike Glassworm Takedown Exposes Developer Supply Chain Risk

Jaime Hampton | May 28, 2026 | C2, CrowdStrike, GlassWorm, supply chain

CrowdStrike announced it has taken down the Glassworm botnet, a global threat campaign attacking software developers through open source tools. The company simultaneously struck Glassworm’s four command-and-control (C2) channels alongside collaborators Google ...

Security Boulevard

The Real Power of Resilience with Dell Technologies

Tom Hollingsworth | May 27, 2026 | Dell Technologies, IT, Resilience, security, supply chain

Organizations currently overspend on preventative security by about 78% compared to operational resilience. We have spent decades building taller walls and stronger locks to keep threat actors out of the data center ...

Security Boulevard

The Extension Blind Spot: How One VS Code Plugin Gave Attackers GitHub’s Source Code

Jacob Krell | May 20, 2026 | Cybersecurity, Developer Security, GitHub Breach, supply chain

GitHub's 3,800 Repositories Stolen Through a Single IDE Extension On May 19, 2026, a single VS Code extension on a single employee's device gave attackers access to 3,800 of GitHub's internal repositories ...

Security, Decoded: Insights from Suzu Labs

Xinference PyPI Supply Chain Poisoning Warning

NSFOCUS | April 24, 2026 | Blog, Emergency Response, PyPI, supply chain, supply chain poisoning, Xinference, Xorbits Inference

Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the PyPI release permission credentials of Xinference maintainers and released three consecutive malicious ...

NSFOCUS

Axios supply chain attack chops away at npm trust

Malwarebytes | March 31, 2026 | Axios, SBN News, supply chain

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

Malwarebytes

BPFdoor in Telecom Networks: The FCC Is Securing the Edge, but China’s Hackers Are Already Past It

Mike Bell | March 26, 2026 | APT, BPF door, China-nexus, Critical Infrastructure, dark web, Kernel Implant, nation-state, Red menshen, Salt Typhoon, security, supply chain, Telecom

Rapid7's research reveals China-linked kernel implants deep inside telecom signaling infrastructure. Here's what BPFdoor is, how it evolved, and what defenders need to do now ...

Security, Decoded: Insights from Suzu Labs

What the UK Cyber Security & Resilience Bill Means for Security Practitioners

SecurityExpert | March 25, 2026 | data centres, MSP, NCSC, NIS, NIS2, supply chain

The UK Cyber Security & Resilience Bill is progressing through Parliament Royal Assent expected later in 2026.The UK's Cyber Security and Resilience Bill is working its way through Parliament, and if you ...

IT Security Expert Blog | Cybersecurity News, Breaches & Security Analysis

What the UK Cyber Security & Resilience Bill Means for Security Practitioners

SecurityExpert | March 25, 2026 | data centres, MSP, NCSC, NIS, NIS2, supply chain

IT Security Expert Blog | Cybersecurity News, Breaches & Security Analysis

Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks

Flashpoint | March 12, 2026 | cyber threat intelligence, supply chain

On March 11th, medical technology company Stryker disclosed that a cyberattack had disrupted portions of its global network infrastructure, affecting Microsoft systems used across the organization. The post Destructive Activity Targeting Stryker ...

Threat Intelligence Blog | Flashpoint

Internal Analysis: Even Realities G2 Smart Glasses Security & Privacy Investigation

Suzu Labs Intelligence | March 9, 2026 | insider threat, Offensive Security, Penetration Testing, , supply chain, Vulnerability Management, Wearable Tech

Executive Summary Even Realities markets its G2 smart glasses as the privacy-conscious alternative to Meta Ray-Bans. The core pitch: no camera, no speakers, no visual surveillance. Tech media has accepted this framing ...

Security, Decoded: Insights from Suzu Labs

supply chain

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On