Security news aggregator

Latest coverage for Supply Chain

Stay informed on the latest in Supply Chain Information Security. Safeguard your business from threats originating in your supply chain network.

1115 headlines in this view

Tag briefing

Background for this topic.

Supply Chain is the interconnected network of entities, people, processes, information, and resources involved in producing a product or service and delivering it to the end consumer. In the context of information security, this term highlights the emerging risks and vulnerabilities that can affect the security posture of an organization through its external partners, suppliers, and service providers.

Securing the supply chain is crucial because a single weak link can compromise the integrity and security of the entire system. As organizations often rely on third-party vendors for various components and services, ensuring these third parties adhere to stringent cybersecurity standards is vital. Supply chain security encompasses rigorous vendor risk assessments, continual monitoring for threats, and establishing robust incident response protocols that include third-party entities in the event of a breach.

With the increasing interconnectivity of systems, cyber attacks exploiting supply chain vulnerabilities have become more sophisticated, including software supply chain attacks where malicious code is inserted into legitimate software. Consequently, maintaining a secure supply chain is a critical aspect of an organization's overall cybersecurity strategy.

Showing the 20 most recent of 1115 headlines.

Microsoft Security Blog

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by republishing trusted packages. Discover how the attack works, what data is at risk, and the steps you can take to protect your organization.

Bank Info Security 21 hours, 46 minutes ago

AI Governance Playbook Calls for Enterprise Risk Controls

Healthcare Coordinating Council Highlights AI Risks, Potential Medical Mishaps

Healthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and operational resiliency issues as they roll out artificial intelligence tools. A new Health Sector Coordinating Council playbook aims to help by providing a voluntary governance framework.

Security Affairs 3 days, 8 hours ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware Newsletter:
Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks
TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io
RemotePE: The Lazarus RAT that lives […]

Suspected Russian Crime Group Built Resilient Command-and-Control Infrastructure

In a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm cybercrime group, cutting off attackers from victims. The group has wielded a remote access Trojan to repeatedly target developers of widely used open-source software.

CyberScoop

CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain

CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators' access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday. The coordinated effort involved the simultaneous takedown of four attacker-controlled servers that were designed to […]

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software supply chain campaign targeting software developers through malicious packages and extensions.

Funding at $1B Valuation Will Expand Controls Across Developer and AI Ecosystems

Socket raised $60 million in a Thrive Capital-led Series C at a $1 billion valuation to expand its supply-chain security platform beyond package managers as AI coding tools increase enterprise exposure to malicious dependencies, browser extensions and developer tooling.

Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal Secrets

More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said.

Security Affairs 1 week, 3 days ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware Newsletter:
Popular node-ipc npm Package Infected with Credential Stealer
New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here
Active Supply Chain Attack Compromises @antv Packages on npm
actions-cool/issues-helper GitHub Action Compromised: All Tags Point to […]

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. [...]
