More results...
OPINION — China is conducting intelligence operations in the Netherlands that are targeting key industrial sectors including semiconductors, aerospace and maritime technology, Dutch Defense Minister Ruben Brekelmans recently warned. Dutch national sec…
Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api.
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
ASML, the Dutch company that makes multimillion-dollar tools to manufacture advanced semiconductors, is grappling with the repercussions of a tech trade war.
Instead of battling over tariffs, Washington and Beijing have turned to a potentially far more harmful strategy: flexing their control over global supply chains.
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet s…
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.
32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje. Meanwhile, 68% are more realistic, noting they feel uncertain about achieving this near impossible…
President Trump has stopped some critical products and technologies made only in the United States from flowing to China, flexing the government’s power over global supply chains.
ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…