Browsing Tag
Supply Chain
14 posts
Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos
GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect…
Duo Wins $50K Bug Bounty for Supply Chain Flaw in Newly Acquired Firm
Researchers earned a $50,500 Bug Bounty after uncovering a critical supply chain flaw in a newly acquired firm,…
AI’s Role in Cutting Costs and Cybersecurity Threats in Logistics
Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats…
AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain
The Llama Drama vulnerability in the Llama-cpp-Python package exposes AI models to remote code execution (RCE) attacks, enabling attackers to steal data. Currently, over 6,000 models are affected by this vulnerability.
AI and Machine Learning in Product and Supply Chain Management
A package arrives at the doorstep. The customer rips off the tape, pulls out their order, and moves…
NIST Releases Cybersecurity Framework 2.0: Guide for All Organizations
The first Cybersecurity Framework (CSF) was released in 2014.
Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users
KEY FINDINGS Cybersecurity firm Checkmarx has discovered a new wave of supply chain attacks exploiting bugs in popular…
Malware Concealed as Dependabot Contributions Strikes GitHub Projects
Malicious code disguised as Dependabot contributions hits hundreds of GitHub repositories.
JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking
JetBrains has fixed this flaw in version 2023.05.4 of the product released on September 18. It also released a security advisory but didn't disclose technical details of the vulnerability for now.
Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads
Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more.