Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos
GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect…
supply chain
100 Car Dealerships Hit by Supply Chain Attack
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.
Popular GitHub Action Targeted in Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
UK Government Report Calls for Stronger Open Source Supply Chain Security Practices
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.
Billions of Devices at Risk of Hacking & Impersonation Due to Hidden Commands
Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.
Trump’s Tariffs Could Help Tesla, by Hurting Its Rivals More
The electric car company led by Elon Musk builds all the cars it sells in the United States in California and Texas, shielding it from tariffs that could devastate competitors.
Trump’s Tariffs Could Help Tesla, by Hurting Its Rivals More
The electric car company led by Elon Musk builds all the cars it sells in the United States in California and Texas, shielding it from tariffs that could devastate competitors.
China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek.
How Trump and Biden Pursued Critical Minerals in Ukraine, Greenland and Other Countries
China dominates in critical minerals, and President Trump has turned to high-pressure tactics to acquire them.
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…