Latest coverage for Supply Chain
Supply-chain attacks compromise trusted vendors or dependencies, potentially reaching downstream systems; verify provenance and limit access before deployment.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Supply chain is the network of suppliers, software developers, service providers, components, and processes used to build and deliver an organization’s products or services. In a security threat model, it extends the trust boundary beyond the organization: a compromised supplier account, build system, software dependency, update mechanism, or hardware component can introduce malicious code, expose credentials, or undermine systems used by many customers.
Effective protection starts with mapping critical suppliers, dependencies, data flows, and access, then applying risk-based due diligence and least-privilege, segmented access. For software, maintain an inventory such as a software bill of materials, verify signed artifacts and update provenance where feasible, and monitor dependencies for vulnerabilities or unexpected changes. Contracts and technical controls should support timely notification and investigation. Response plans should cover revoking supplier access, isolating affected versions or integrations, determining exposure, and coordinating remediation with the provider.
Concerns Over Supply Chain Attacks on US Seaports Grow
US ports rely on cranes manufactured by a Chinese state-owned company, many with unmonitored cellular connections, causing cybersecurity concerns.
What's Next for Secure Communication After Exploding Pagers?
No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply ChainSecure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking. But as this week revealed to the dismay of terrorists and criminals alike, no OpSec measure is bulletproof to the effects of a corrupted supply chain.
Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack
The suspected creator of Ghost, an encrypted communication platform allegedly used by organized crime groups worldwide, has been arrested
Australian Police conducted supply chain attack on criminal collaborationware
Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service Australia's Federal Police (AFP) yesterday arrested and charged a man with creating and administering an app named Ghost that was allegedly "a dedicated encrypted communication platform … built solely for the criminal underworld" and which enabled crims to arrange acts of violence, launder money, and traffic illicit drugs.…
Exploding Hezbollah Pagers Not Likely a Cybersecurity Attack
Cybersecurity Experts Say Operatives Probably Intercepted Physical Supply ChainIt doesn't appear to be a cyberattack, security experts said of the hundreds of pagers that blew up Tuesday across Lebanon, an apparent salvo against Hezbollah militants by the Israeli government. "The only logical explanation is that explosives and a side channel for detonation was likely used."
'CloudImposer' Flaw in Google Cloud Affected Millions of Servers
Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.
Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion