The software supply chain, an entire network of components, tools, and processes used to develop, build, and deliver software ...

A China-linked threat actor tracked as 'PlushDaemon' is hijacking software update traffic using a new implant called EdgeStepper in cyberespionage operations. Since 2018, PlushDaemon hackers have ...

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...

One such event occurred in December 2024, making it worthy of a ranking for 2025. The hackers behind the campaign pocketed as ...

The text and code editing tool EmEditor was targeted in a supply chain attack that resulted in the distribution of ...

Across just 12 months, cyber incidents have impacted governments, healthcare systems, financial institutions, SaaS providers, ...

A major JavaScript supply-chain attack has compromised hundreds of software packages — including at least 10 used widely across the crypto ecosystem — according to new research from cybersecurity firm ...

Supply chain attacks and phishing scams soared to become the biggest crypto security threat of 2025, as code vulnerability exploits are on the decline due to improved blockchain security.

A self-propagating worm is targeting Visual Studio Code (VS Code) extensions in a complex supply chain attack that has infected 35,800 developer machines so far with techniques the likes of which ...

In June 2025, one of the largest grocery distributors in North America, United Natural Foods Inc. (UNFI), suffered a paralyzing cyberattack. As the company’s fulfillment systems were brought to a halt ...

The recent cyberattack on Jaguar Land Rover (JLR) has revealed how fragile -- digitally, physically and financially -- one of the UK’s most important supply chains really is. What began as a breach of ...