Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users
ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers…
Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted annually or quarterly, are too slow to detect active threats. 35.5% of all breach…
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek.
DEEP DIVE – Coverage of the U.S.-China tariff war has focused on the impact for consumers – the potential for spikes in the prices of […]
The post For U.S. Defense Industry, These Minerals Really are ‘Critical’ appeared first on The Cipher Brief.
Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.
The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek.
The risk of exposing a military still being modernized may constrain Prime Minister Narendra Modi as he weighs retaliation for a terrorist attack.
Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.
The post Manifest Raises $15 Million for SBOM Management Platform appeared first on SecurityWeek.
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek.
The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys. xrpl.js is the recommended library for integrating a JavaScript/TypeScript app with the XRP; it has more than 140,000 weekly downloads. Hundreds of thousands of […]
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.