Articles by Tag #supplychainsecurity

NPM = Wild Wild West: It's Time to Stop the Madness

For decades, the JavaScript ecosystem has been a welcoming, innovative space where anyone can...

Nov 29

SHA1-Hulud, npm supply chain incident

Snyk identified a new supply chain attack in the npm ecosystem, referred to as SHA1-Hulud. We believe this is a second wave of the Shai-Hulud attack. Learn what this attack is and how Snyk is responding.

Nov 25

Embedded Malicious Code in tinycolor and ngx-bootstrap releases on npm

A supply chain attack hit the ngx-bootstrap npm package, embedding malware to steal developer credentials. See affected versions (e.g., 20.0.4-6, 19.0.3) and our playbook to contain the threat and rotate compromised secrets.

Sep 17

Using SBOMs to detect possible Dependency Confusion

Software supply chains have become a focal point for attackers, as modern applications rely heavily...

Aug 15

Behind the Code: A Simple Look at the Software Supply Chain

Whether you're building your first web app or deploying containers in the cloud, you're already using...

May 16

Repojacking: Unseen Dangers and Mitigation Strategies.

Software supply chain security has gotten attention since 2020 after the SolarWinds attack. The...

Feb 20

Do not pass GO - Malicious Package Alert

Recently, researchers have found another Software Supply Chain issue in BoltDB, a popular database tool in the Go programming environment. The BoltDB Go Module was found backdoored and contained hidden malicious code.

Feb 13

Supply Chain Security Tools: 6 Breakthrough Platforms for Managing Third-Party Risk and Dependency Vulnerabilities at Scale

Introduction: The Operational Peril of Third-Party Dependencies. Did you know that 73% of...

Sep 7

AI-Driven Supply Chain Security: How Aikido Security, Tenable Nessus AI, and Qualys VMDR Slash Vulnerability Risk and Boost...

Why Supply Chain Security Is the DevOps Achilles’ Heel. Have you ever considered how one...

Sep 19

AI Intrusion Detection Software in Logistics: Enhancing Warehouse & Supply Chain Security with Visionfacts

In the current logistics and supply chain world, security threats can interfere with operations,...

Sep 23

Protect Your Code and Your Peace of Mind: How pipq Is Revolutionizing Python Security

In development, every package you install is a potential gateway to hidden risks. Have you ever...

Dec 10