Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]
Former Officials, Tech Groups Say Anthropic Designation Is Illegal - and DangerousFormer U.S. defense and intelligence officials argue the Pentagon's designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem.
AI Dependency Attack Reportedly Exposes Data and Source CodeA LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility.
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims. The post Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack appeared first on CyberScoop.
New Filing Frames Anthropic Dispute as Operational Control Issue - Not Free SpeechThe Justice Department is arguing in a new court filing that Anthropic's ability to update guardrails and behavior post-deployment creates unacceptable supply-chain risks, warning that vendor access to AI systems could enable manipulation or failure in mission-critical defense operations.
Defense Contractors May Be Forced to Remove Claude From Pentagon ProgramsThe Pentagon labeled Anthropic a supply-chain risk after accusing the artificial intelligence firm of restricting military use of its tools, a move that could force defense contractors to cut ties with Claude as the company prepares a legal challenge and the tech sector warns of wider fallout.
Nation State Hackers Escalating Attacks on US Defense Industrial Base, Report SaysA new report from Google Threat Intelligence Group warns that state-backed hackers are escalating attacks on the defense industrial base, shifting from classic espionage to supply-chain compromise, workforce infiltration and battlefield-adjacent cyber operations.
Top Lawmaker Urges White House to Review Foreign Influence in Open-Source CodeA top Republican in the U.S. Senate warned the White House that foreign adversaries are exploiting trusted open-source software used across federal networks and defense systems, urging the National Cyber Director to lead efforts to monitor contributors and reduce supply chain risk.
Foundations say billions of downloads rely on registries running on fumes – and someone's gotta pay the bills The Open Source Security Foundation (OpenSSF) has had enough of being the unpaid janitor of the world's software supply chain.…
Wiz Security warns that a recently discovered supply chain attack campaign targeting npm is far from over
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog
Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. [...]
Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.
Threat actor exploited phishing and OAuth abuse to inject malicious code Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already.…
National Security and Hacking Worries Underpin Concerns over Supply Chain RiskThe U.S. federal government is telling the automotive industry to stop buying Chinese manufactured hardware and software powering onboard telematics and automated driving systems, warning that the potential for nation-state hacking and espionage poses a national security risk.
Supply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK. [...]
LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library
Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms
New report warns of escalating hardware supply chain attacks, with 19% of organizations impacted and nearly all IT leaders expecting nation-state involvement