New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

Two new products aim to secure the traditional OSS supply chain and the emerging AI model software supply chain.
The post New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security appeared first on SecurityWeek.

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Quarkslab finds serious, remotely exploitable vulnerabilities in the PXE network boot code of EDK II, the de facto open source reference implementation of the UEFI specification.

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

Researchers detail a CI/CD attack that could have compromised PyTorch releases via GitHub Actions self-hosted runners.

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.
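
As an added example (not code from this page, from PyTorch, or from the researchers cited in the two items above), the following Python audit flags the pattern those items describe: a workflow that fork pull requests can trigger and whose jobs land on self-hosted runners, where the contributor's own code then executes on infrastructure that persists between jobs. The two workflow texts are constructed, and the list of fork-reachable events and the pattern used to recognise GitHub-hosted labels are assumptions.

```python
# Added example (not PyTorch's or the cited researchers' code): a line-based
# audit of GitHub Actions workflow files for the weak pattern described above.
import re

PR_EVENTS = {"pull_request", "pull_request_target"}  # fork-reachable (assumed list)
HOSTED = re.compile(r"^(ubuntu|windows|macos)-")      # GitHub-hosted runner labels

# Constructed weak workflow: a fork PR can run its own code on the GPU pool.
WEAK_WORKFLOW = """\
on:
  pull_request:
  push:
jobs:
  build:
    runs-on: [self-hosted, linux, gpu]
    steps:
      - uses: actions/checkout@v4
  lint:
    runs-on: ubuntu-latest
"""

# Constructed hardened split: PR jobs stay on GitHub-hosted runners (like
# lint above); the self-hosted pool only sees code already pushed to main.
TRUSTED_WORKFLOW = """\
on:
  push:
    branches: [main]
jobs:
  gpu-test:
    runs-on:
      - self-hosted
      - gpu
    steps:
      - run: make gpu-test
"""


def _flow(value: str) -> list[str]:
    """Inline YAML scalar or flow list ([a, b]) -> list of strings."""
    value = value.strip()
    if value.startswith("[") and value.endswith("]"):
        value = value[1:-1]
    return [v.strip().strip("'\"") for v in value.split(",") if v.strip()]


def parse_triggers(text: str) -> list[str]:
    """Event names under the top-level 'on:' key (inline, list or mapping)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*)$", line)
        if not m:
            continue
        if m.group(1).strip():
            return _flow(m.group(1))
        events, child = [], 0
        for nxt in lines[i + 1:]:
            s, ind = nxt.strip(), len(nxt) - len(nxt.lstrip(" "))
            if s and ind == 0:
                break
            child = child or ind
            if s and ind == child:
                events.append(s.lstrip("- ").split(":")[0].strip())
        return events
    return []


def parse_jobs(text: str) -> dict[str, list[str]]:
    """Map job name -> runs-on labels (inline or block list; [] if absent)."""
    jobs: dict[str, list[str]] = {}
    current, job_indent, in_jobs, pending = "", 0, False, False
    for line in text.splitlines():
        s, ind = line.strip(), len(line) - len(line.lstrip(" "))
        if not s:
            continue
        if not in_jobs:
            in_jobs = bool(re.match(r"^jobs:\s*$", line))
            continue
        if ind == 0:
            break                               # left the jobs mapping
        job_indent = job_indent or ind
        if ind == job_indent:                   # a new job key
            current, pending = s.rstrip(":"), False
            jobs[current] = []
            continue
        m = re.match(r"^runs-on:\s*(.*)$", s)
        if m and current:
            pending = not m.group(1).strip()    # block list follows on next lines
            jobs[current] = _flow(m.group(1))
        elif pending and s.startswith("- "):
            jobs[current].append(s[2:].strip().strip("'\""))
        else:
            pending = False
    return jobs


def is_self_hosted(labels: list[str]) -> bool:
    """Explicit self-hosted label, or no GitHub-hosted label at all (custom pool names and ${{ }} expressions count)."""
    return bool(labels) and ("self-hosted" in labels or not any(HOSTED.match(l) for l in labels))


def find_risky_jobs(text: str) -> list[str]:
    """Jobs on self-hosted runners in a workflow that a fork PR can trigger."""
    if not set(parse_triggers(text)) & PR_EVENTS:
        return []
    return [job for job, labels in parse_jobs(text).items() if is_self_hosted(labels)]
```

On the constructed samples, find_risky_jobs reports build as the only risky job and nothing for the hardened split. The script only reads the workflow file; the repository-level controls that close the hole when a PR job genuinely needs the private pool (requiring approval for workflows from all outside collaborators, and ephemeral runners so nothing persists from one job to the next) are not visible in YAML and have to be checked separately.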

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability.

North Korean Software Supply Chain Attack Hits North America, Asia

North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply chain attack.

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking supply chain attack bomb.”
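
As an added example (not Aqua's code or tooling, and not from this page), here is a stdlib-only Python check of the kind a practitioner would run before a file is committed: it flags inline credential material in a kubeconfig (kind: Config) or in a Secret manifest, which is what turns an accidentally published configuration into cluster access. The two sample documents and the list of kubeconfig keys treated as secret are constructed assumptions.

```python
# Added example (not Aqua's code): flags credential material that should never be
# committed, in a kubeconfig (kind: Config) or a Secret manifest. Samples are constructed.
import base64
import binascii
import re

# kubeconfig user fields that hold inline credentials (assumed list; a CA cert or
# a client certificate is not secret, and a path-based client-key is not inline).
KUBECONFIG_CRED_KEYS = {"client-key-data", "token", "password"}
KV_RE = re.compile(r"^(\s*)([\w./-]+):\s*(.*?)\s*$")

SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- name: prod
  cluster:
    server: https://203.0.113.10:6443
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t
users:
- name: admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ==
- name: ci-bot
  user:
    token: <redacted>
"""

SAMPLE_SECRET = """\
apiVersion: v1
kind: Secret
metadata:
  name: registry-creds
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: eyJhdXRocyI6e319
stringData:
  api-token: s3cr3t-example
"""


def _is_base64(value: str) -> bool:
    try:
        return len(value) >= 16 and bool(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return False


def find_inline_credentials(text: str) -> list[tuple[int, str, str]]:
    """Return (line, key, reason) for each inline credential in one YAML document."""
    kinds = re.findall(r"^kind:\s*(\S+)", text, re.M)
    kind = kinds[0] if kinds else ""
    findings, block, block_indent = [], "", -1
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KV_RE.match(line)
        if not m:
            continue                      # list items ("- name: x") and blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if block and indent <= block_indent:
            block = ""                    # left the data:/stringData: block
        if kind == "Secret" and key in ("data", "stringData") and not value:
            block, block_indent = key, indent
        elif block and value:
            findings.append((lineno, key, f"{block} entry of a Secret manifest"))
        elif kind == "Config" and key in KUBECONFIG_CRED_KEYS and value and not value.startswith("<"):
            enc = "base64-encoded" if _is_base64(value) else "literal"
            findings.append((lineno, key, f"{enc} credential in kubeconfig"))
    return findings
```

On the samples it reports the admin user's client-key-data and both entries of the Secret, while skipping the CA certificate, the client certificate and the placeholder token. It handles one YAML document per call, so split multi-document files on the `---` separator first; a password sitting in a ConfigMap or in an application's own config file is outside what this version looks for.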