#supply-chain-security

from ZDNET
3 days ago

This 'critical' Cursor security flaw could expose your code to malware - how to fix it

"This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks," Oasis wrote. While Cursor and other AI-powered coding tools like Claude Code and Windsurf have become popular among software developers, the technology is still fraught with bugs. Replit, another AI coding assistant that debuted its newest agent earlier this week, recently deleted a user's entire database.
Information security
Software development
from DevOps.com
1 week ago

Nominations Are Open: DevOps Dozen 2025 - DevOps.com

Nominations are open for the DevOps Dozen awards recognizing community leaders and tools across 24 categories emphasizing AI, platform engineering, and supply-chain security.
Information security
from InfoQ
1 week ago

Researcher Unearths Thousands of Leaked Secrets in GitHub's "Oops Commits"

GitHub public commits remain archived after force pushes, exposing thousands of secrets including high-value tokens and admin-level credentials.
Information security
from Security Magazine
2 weeks ago

1.1M Impacted by Farmers Insurance Data Breach, Security Leaders Discuss

Farmers Insurance suffered a third-party breach of ~1.1 million customers' PII—names, addresses, birthdates, driver’s license numbers, last four SSNs—possibly tied to Salesforce social engineering.
Information security
from InfoWorld
2 weeks ago

8 vendors bringing AI to devsecops and application security

AI is becoming foundational to software security, enabling automated vulnerability remediation, real-time secure coding, and supply-chain hardening while introducing governance and risk challenges.
World news
from The Register
2 weeks ago

Trump pulls out 't-word' again over China rare earths ban

China's export controls on rare-earth minerals and processing equipment create strategic leverage over global tech and defense supply chains, prompting US tariff threats.
from DevOps.com
3 weeks ago

Tackling the DevSecOps Gap in Software Understanding - DevOps.com

Let's dig into what this really means, why it matters, and where we go from here. But then I thought a bit more. It's not just necessary; it's overdue. And not only for national security systems. This gap in software understanding exists across nearly every enterprise and agency in the public and private sector. The real challenge is not recognizing the problem. It's addressing it early, systemically and sustainably, especially in a DevSecOps context.
DevOps
Software development
from InfoQ
4 weeks ago

Supply Chain Security: Provenance Tools Becoming Standard in Developer Platforms

Software provenance is essential for securing supply chains and ensuring compliance with regulations like SLSA.
Health
from MedCity News
1 month ago

Trump's Push for U.S. Drug Manufacturing Expands to Pharma Ingredients With New Executive Order - MedCity News

The Trump administration's new executive order aims to stockpile active pharmaceutical ingredients (APIs) to enhance U.S. drug manufacturing security.
Artificial intelligence
from Fortune
1 month ago

Former Intel board members: America's champion is likely to retreat, and we still need a leading-edge chip manufacturer

The U.S. must prioritize American-owned semiconductor manufacturing to secure its supply chains and technological supremacy in AI and critical technologies.
Software development
from HackerNoon
5 months ago

Reproducible Go Toolchains: What You Need to Know | HackerNoon

Reproducible builds in open-source software prevent supply chain attacks by enabling verification of binaries against trustworthy sources.
from The Hacker News
2 months ago

5 Ways Identity-based Attacks Are Breaching Retail

Adidas confirmed a data breach caused by an attack on a third-party customer service provider. The company said customer data was exposed, including names, email addresses, and order details.
Privacy professionals
from www.theguardian.com
2 months ago

Quad countries agree to diversify critical mineral supplies amid China concerns

The four countries said in a joint statement that they were establishing the Quad Critical Minerals Initiative, aimed at collaborating on securing and diversifying supply chains.
US politics
Privacy professionals
from HackerNoon
2 years ago

Decentralized Public-Key Infrastructure: The Future of Supply Chain Security | HackerNoon

Information security
from IT Pro
3 months ago

Two more NHS Trusts have been hit with cyber attacks - here's what we know so far

Cyber attacks on NHS trusts emphasize the urgent need for improved supply chain security practices.
Node JS
from IT Pro
3 months ago

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Over a dozen NPM packages have been compromised, delivering malware that allows attackers to control infected machines.
Growth hacking
from The Hacker News
3 months ago

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Malicious packages in multiple repositories have been discovered, posing significant security threats in open-source ecosystems.
DevOps
from InfoWorld
1 year ago

GitHub Artifact Attestations sign and verify software artifacts

GitHub introduced Artifact Attestations for securing software supply chains in GitHub Actions.