supply-chain

Trivy supply chain intrusion reportedly compromises Cisco source code

• data-security
• supply-chain
• vulnerability-management

Trivy supply chain intrusion reportedly compromises Cisco source code

SC Staff April 1, 2026

Cisco was reported to have had its source code stolen by threat actors following an attack linked...

Read More Read more about Trivy supply chain intrusion reportedly compromises Cisco source code

AI startup Mercor confirms security incident linked to LiteLLM supply chain attack

• aiml
• data-security
• supply-chain

AI startup Mercor confirms security incident linked to LiteLLM supply chain attack

SC Staff April 1, 2026

The incident at Mercor is believed to stem from malicious code injected into the LiteLLM project, an...

Read More Read more about AI startup Mercor confirms security incident linked to LiteLLM supply chain attack

FCC bans import of new foreign-made consumer routers due to security risks

• network-security
• security-operations
• supply-chain

FCC bans import of new foreign-made consumer routers due to security risks

SC Staff April 1, 2026

The FCC has added all foreign-produced consumer-grade routers to its Covered List, prohibiting their marketing and sale...

Read More Read more about FCC bans import of new foreign-made consumer routers due to security risks

Axios npm supply chain attack: Malicious updates add remote access trojan

• application-security
• devsecops
• identity
• malware
• supply-chain
• threat-intelligence

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura French March 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

Read More Read more about Axios npm supply chain attack: Malicious updates add remote access trojan

OpenAI fixes Codex flaw that could lead to GitHub token theft

• aiml
• application-security
• identity
• supply-chain

OpenAI fixes Codex flaw that could lead to GitHub token theft

Laura French March 31, 2026

A command injection hidden in a branch name could cause an OAuth token to be exfiltrated.

Read More Read more about OpenAI fixes Codex flaw that could lead to GitHub token theft

Exclusive: Blue Star NBR CEO Calls on Trump Admin to Help Critical Glove Industry — or Rely on China

• Economy
• Health
• Japan
• manufacturing
• Politics
• PPE
• Strait of Hormuz
• supply-chain
• Trump Administration

Exclusive: Blue Star NBR CEO Calls on Trump Admin to Help Critical Glove Industry — or Rely on China

Olivia Rondeau March 30, 2026

The United States is in danger of becoming dependent on China for essential nitrile butadiene rubber (NBR)...

Read More Read more about Exclusive: Blue Star NBR CEO Calls on Trump Admin to Help Critical Glove Industry — or Rely on China

PwC: Identity compromise a supply chain for attackers

• identity
• supply-chain

PwC: Identity compromise a supply chain for attackers

SC Staff March 30, 2026

PwC's "Cyber threats in motion" report warns that AI is giving attackers added sophistication, speed, and scale,...

Read More Read more about PwC: Identity compromise a supply chain for attackers

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

• application-security
• devsecops
• malware
• rsac
• supply-chain

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

Paul Wagenseil March 28, 2026

The Shai-Hulud worms that exploited automatic updates in open-source software repositories may be only the beginning, two...

Read More Read more about Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

FCC bans foreign-made routers in bid to secure supply chain

• network-security
• supply-chain
• threat-intelligence

FCC bans foreign-made routers in bid to secure supply chain

Steve Zurier March 25, 2026

Security pros OK with FCC’s move to ban foreign routers, but say the real risk lies with...

Read More Read more about FCC bans foreign-made routers in bid to secure supply chain

Novel Iran-linked hacking group takes aim at Middle Eastern energy firms

• ot-security
• supply-chain

Novel Iran-linked hacking group takes aim at Middle Eastern energy firms

SC Staff March 24, 2026

Security Affairs reports that multiple energy sector organizations across the Middle East have been subjected to attacks...

Read More Read more about Novel Iran-linked hacking group takes aim at Middle Eastern energy firms