More results...
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
The post Ongoing Campaign Uses 60 NPM Packages to Steal Data appeared first on SecurityWeek.
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek.
As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of influence, espionage, and disruption.
The post China’s Secret Weapon? How EV B…
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek.
The funding round brings the total amount raised by the NetRise to roughly $25 million.
The post NetRise Raises $10 Million to Grow Software Supply Chain Security Platform appeared first on SecurityWeek.
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
The post Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities appeared first on SecurityWeek.
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.
Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
The post Malicious NPM Packages Target Cryptocurrency, PayPal Users appeared first on SecurityWeek.
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek.