supply-chain - FUSION GLOBAL

Malicious Go module steals passwords, deploys Rekoobe backdoor

SC Staff March 2, 2026

The compromised Go module injects malicious code into the "ssh/terminal/terminal.go" file, specifically within the "ReadPassword()" function.

The drone gap: Why the U.S. industrial base continues to fall behind in a world at war by drone

Brett Freedman March 2, 2026

Rapid drone production is essential to modern warfare. The U.S. has a lot of catching up to...

Open-source vulnerabilities per codebase surge by 107%

Laura French February 26, 2026

The Black Duck 2026 OSSRA report explores AI as one of several factors in the historic increase....

Harness launches Artifact Registry to secure software supply chain

SC Staff February 25, 2026

Harness Artifact Registry centralizes and manages all machine-generated outputs from the development lifecycle, including binaries, container images,...

Vishing-related breach reported by Optimizely

SC Staff February 24, 2026

Ad tech firm Optimizely, which counts PayPal, Salesforce, Vodafone, and Zoom among its clients, has been impacted...

SANDWORM_MODE: Shai-Hulud with an AI twist

Laura French February 24, 2026

A new npm supply chain attack injects a malicious MCP server and targets LLM API keys.

Open source AI coding assistant Cline CLI targeted in supply chain attack

SC Staff February 23, 2026

The attack involved an unauthorized party gaining access to Cline CLI's npm package via a compromised token.

HHS intensifies scrutiny of third-party vendor cybersecurity

SC Staff February 20, 2026

CyberScoop reports that the massive Change Healthcare breach in 2024, which stemmed from the lack of multi-factor...