8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…
supply chain
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…
Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack
With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft.
The post Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attac…
A $45 Treatment Can Save a Starving Child. US Aid Cuts Have Frozen the Supply
The dismantling of U.S.A.I.D. has disrupted the global supply chain that provides a therapeutic food, leaving thousands of malnourished children at risk of dying.
How Brandolini’s law informs our everyday infosec reality
Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in poli…
Pentesting is now central to CISO strategy
Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 security leaders conducted by Emerald Research found that 68% are concerned a…
New Tariff on ‘Transshipped’ Goods Mystifies Importers
The Trump administration levied a hefty tariff on goods that are moved through other countries, but it has not yet fully explained its plans.
Third-party partners or ticking time bombs?
In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain secur…
Cybersecurity and the development of software-defined vehicles
In many automotive companies, the same systems-engineering teams are responsible for both safety and security. As a result, cybersecurity is treated as a subset of safety, undergirded by an implicit assumption: “If it’s safe, it must be secure.” But th…
AIBOMs are the new SBOMs: The missing link in AI risk management
In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to security issues that conventional tools fail to detect. He explains how AI Bill…