The Old Ways of Vendor Risk Management Are No Longer Good Enough
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
Dropbox, Microsoft, Okta – not only are these all major software companies, but each of them has fallen victim to…
South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised…
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish…
Today’s cloud security categories don’t do practitioners any favors when it comes to identifying the key requirements for detection and…
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat…
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions…
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step…
A new report from the Open Software Supply Chain Attack Reference (OSC&R) team provides a framework to reduce how much…
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact…