Sunday, May 3, 2026
Articles by Topic:
Supply Chain Risks
UNC6783 Is Turning Enterprise Support Channels into Extortion Entry Points
April 24, 2026
Google Threat Intelligence Group (GTIG) says a financially motivated threat cluster it tracks as UNC6783 is targeting business process outsourcers, help desks, and other enterprise support teams as an entry point into larger organizations. The…
The Axios Supply Chain Attack and What It Reveals About Open Source's Invisible Risk
April 17, 2026
In modern cybersecurity, open-source tools can often provide the perfect avenue for attackers due to widespread access and dependencies. The Axios promise-based HTTP client is present in around 80% of cloud and code environments, making…
Cybercrime Group Targets Salesforce Misconfigurations
March 23, 2026
A renewed cyberattack campaign on Salesforce by the cybercrime group ShinyHunters highlights a key consideration for security teams. Simple configuration mistakes can expose enterprise data—at scale. As this recent campaign unfolded, Salesforce warned customers about…
A Patched Flaw Still Opening Doors: Inside the WinRAR Exploit Surge
February 06, 2026
Months after it was patched, a path traversal flaw in WinRAR (CVE-2025-8088) is still being actively exploited, according to Google’s Threat Intelligence Group. The vulnerability was fixed in July 2025, but many users haven’t updated,…
When Legitimate Tools Become Perfect Backdoors
January 09, 2026
The modern threat landscape shows developments in attack tactics that change the scope of what attackers can do with various tools. Recent advances have demonstrated that threat actors no longer need custom malware to establish…
As AI Rewrites Software Supply Chains, Security Fails to Keep Pace
December 30, 2025
AI-assisted coding has crossed the line from experimental to essential. According to new research from Black Duck, nearly every organization now relies on AI tools to generate software code. This creates a big problem! Security…
The Seven-Year Extension Supply-Chain Attack Hiding in Plain Sight
December 17, 2025
Researchers at endpoint security company Koi have identified a threat actor known as ShadyPanda, which carried out two cyberthreat operations spanning seven years. The campaigns notably take advantage of browser…
North Korea’s “Contagious Interview” Malware Floods npm With 200 New Packages
December 16, 2025
North Korea’s Contagious Interview operators have ramped up their campaign against software developers, pushing nearly 200 new malicious packages into the npm registry in the past month alone. According to research from Socket, the packages…
GitLab’s AI Vulnerability Highlights the Dark Side of Prompt Injection
December 01, 2025
GitLab recently released new versions (18.5.2, 18.4.4, 18.3.6) of GitLab Community Edition (CE) and Enterprise Edition (EE) as an emergency patch for several new vulnerabilities. One of these vulnerabilities can enable attacks taking advantage of…
How Cybercriminals Are Turning Remote Access into Real-World Cargo Theft
November 11, 2025
Technological advances and evolving cybercriminal tactics are creating a new landscape of attacks, with updated goals and consequences. Whereas cybercrime traditionally has focused on more abstract aims—though still with significant real-life impacts—like data theft and…
China Hackers Exploit Citrix Gateway to Breach European Telecom
November 03, 2025
Cybersecurity programs typically focus on protecting core applications and digital assets. But what if the bad guys start targeting trusted defensive measures? This was the case as reported by Darktrace, a cybersecurity platform provider. Its…
Why a Shared SBOM Vision Could Be the Key to Securing the Software Supply Chain
September 23, 2025
In an era of increasingly interconnected digital landscapes, the software supply chain is a crucial area to secure, affecting organizations across all sectors. Software supply chain attacks are on the rise among modern threats, and…
How a Self-Propagating npm Attack Is Hunting Developer Secrets
September 23, 2025
A developer runs a routine update, the kind that happens dozens of times a week. Nothing unusual flashes on the screen. But buried inside the new package is a hidden file called bundle.js. The moment…
Crypto-Stealing Code Slips Into NPM
September 12, 2025
Josh Junon, a software developer and maintainer, revealed on social media this week that his account had been compromised and 18 of his popular JavaScript packages tampered with. The malicious updates injected code designed to…
AI Risks and Supply Chain Demands Redefine the Future
September 06, 2025
The embedded software industry is in the middle of a major reset. According to Black Duck’s State of Embedded Software Quality and Safety 2025 report, AI tools are changing how code is written, tested, and…
Workday Breach Highlights Expanding Wave of Social Engineering Attacks
September 02, 2025
Social engineering, while an age-old tactic of cybercriminals, is by no means outdated or ineffective in modern environments. Threat actors continue to rely on deceptive methods and take advantage of the human element to cause…
Why Memory-Safe Languages Are Now a National Security Priority
July 07, 2025
The United States Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) recently published a joint guide, “The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take…
How SentinelOne Thwarted Cyber Espionage Attempts
June 28, 2025
SentinelOne recently revealed that it was the target of a failed cyber espionage operation carried out by China-linked threat actors. This case is a rare example where a cybersecurity firm itself became the focus of…