More results...
Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.
The post Manifest Raises $15 Million for SBOM Management Platform appeared first on SecurityWeek.
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek.
The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys. xrpl.js is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads. Hundreds of thousands of […]
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek.
EXPERT INTERVIEWS — President Donald Trump’s sweeping tariffs have spared no nations, slammed several longtime allies, and sent global markets into a tailspin. They will likely […] More
The post Trump’s Tariffs Have National Security Implications Too appeared first on The Cipher Brief.
The common agricultural policy (CAP) already provides for measures to ensure a robust and fair food supply chain and strengthen the position of farmers.
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US De…
The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous delivery CI/CD workflow. The tj-actions/changed-files GitHub Action is used in over 23,000 repositories, it automates workflows by […]