The Federal Bureau of Investigation (FBI) has issued a FLASH on the cybercriminal group TeamPCP, which has carried out large-scale software supply chain compromises by targeting widely used developers ...
The FBI has warned that TeamPCP compromised trusted developer tools to steal cloud credentials, deploy malware, extort ...
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
AI agents, prompts, and MCP tools now shape software builds, forcing teams to track provenance beyond packages and generated ...
Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
When AI-assisted vulnerability discovery makes it dramatically easier to identify weaknesses hidden inside modern dependency ...
Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was created ...
Over the past several years, software supply chain security and maintenance have become a cornerstone of national security. From George W. Bush to Joe Biden, each presidency has faced its ...
As software supply chains grow increasingly interconnected, security threats continue to evolve. While common risks like third-party vulnerabilities and dependency issues are well-known, less-common ...