ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
HHS

Supply Chain Attacks Really Are Surging

Threat intelligence firm Cyble said such attacks occurred, on average, nearly 13 times per month last year, from February through September 2024. Starting in October, they surged to nearly 16 per ...
Bleeping Computer

‘PlushDaemon’ hackers hijack software updates in supply-chain attacks

A China-linked threat actor tracked as 'PlushDaemon' is hijacking software update traffic using a new implant called EdgeStepper in cyberespionage operations. Since 2018, PlushDaemon hackers have ...
InfoWorld

Possible software supply chain attack through AWS CodeBuild service blunted

Wiz researchers investigated and found the core of the flaw, a threat actor ID bypass due to unanchored regexes, and notified ...
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
DataBreachToday

Webinar | Software Supply Chain Security: More Than Open Source

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use ...
Ars Technica

Supply-chain attacks on open source software are getting out of hand

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious ...
Hosted on MSN

Software supply chain attacks pose huge dangers - here's how to bolster your defenses

65% of organizations faced supply chain attacks in the past year GenAI adoption worsens risks; only 24% analyze AI-generated code for security or IP issues Compliance and continuous automation improve ...
ZDNet

5 ways to spot software supply chain attacks and stop worms - before it's too late

Shai-Hulud is the worst-ever npm JavaScript attack. This software supply chain worm attack is still ongoing. Here are some ways you can prevent such attacks. For those of you who aren't Dune fans, ...
Forbes

The Evolution Of Supply Chain Security

Over the past several years, software supply chain security and maintenance have become a cornerstone of national security. From George W. Bush to Joe Biden, each presidency has faced its ...
CoinTelegraph

What is a supply chain attack in crypto and how to prevent it?

What is a supply chain attack in crypto? A supply chain attack in the crypto domain is a cyberattack where hackers target third-party components, services or software that a project relies on instead ...