supply-chain

Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission

• application-security
• devsecops
• supply-chain
• vulnerability-management

Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission

Laura French April 22, 2026

Attackers could have extracted a GITHUB_TOKEN secret, potentially enabling unauthorized changes.

Read More Read more about Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission

Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks

• aiml
• devsecops
• security-operations
• supply-chain

Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks

SC Staff April 21, 2026

Endpoint aims to provide enterprises with visibility and control over software packages, development environments, browser extensions, and...

Read More Read more about Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks

Critical RCE vulnerability in protobuf.js; Exploit code published

• patchconfiguration-management
• supply-chain
• vulnerability-management

Critical RCE vulnerability in protobuf.js; Exploit code published

SC Staff April 20, 2026

The vulnerability, tracked as GHSA-xq3m-2v4x-88gg, stems from unsafe dynamic code generation within protobuf.js.

Read More Read more about Critical RCE vulnerability in protobuf.js; Exploit code published

Loop raises $95M to build supply chain AI that predicts disruptions

• Startups
• supply-chain
• Technology

Loop raises $95M to build supply chain AI that predicts disruptions

Sean O'Kane April 17, 2026

The San Francisco startup closed a Series C funding round led by Antonio Gracias' firm Valor, which...

Read More Read more about Loop raises $95M to build supply chain AI that predicts disruptions

PHP Composer vulnerabilities allow arbitrary command execution

• supply-chain
• vulnerability-management

PHP Composer vulnerabilities allow arbitrary command execution

SC Staff April 16, 2026

The vulnerabilities, CVE-2026-40176 (CVSS 7.8) and CVE-2026-40261 (CVSS 8.8), stem from improper input validation and insufficient escaping...

Read More Read more about PHP Composer vulnerabilities allow arbitrary command execution

McGraw-Hill downplays Salesforce misconfiguration-related breach

• data-security
• supply-chain

McGraw-Hill downplays Salesforce misconfiguration-related breach

SC Staff April 15, 2026

BleepingComputer reports that McGraw-Hill has disclosed that the limited set of data exposed during a breach caused...

Read More Read more about McGraw-Hill downplays Salesforce misconfiguration-related breach

Over 25K systems exposed by adware app to supply chain compromise

• supply-chain
• threat-intelligence

Over 25K systems exposed by adware app to supply chain compromise

SC Staff April 15, 2026

Highly aggressive Dragon Boss Solutions-distributed adware has inadvertently exposed over 25,000 systems around the world due to...

Read More Read more about Over 25K systems exposed by adware app to supply chain compromise

Manifold Security launches Manifest AI supply chain intelligence platform

• aiml
• security-operations
• supply-chain

Manifold Security launches Manifest AI supply chain intelligence platform

SC Staff April 15, 2026

The growing AI agent ecosystem presents significant supply chain complexity, with each component carrying its own trust...

Read More Read more about Manifold Security launches Manifest AI supply chain intelligence platform

WordPress plugins compromised after acquisition, leading to backdoor installation

• security-operations
• supply-chain

WordPress plugins compromised after acquisition, leading to backdoor installation

SC Staff April 15, 2026

The attack vector was identified as a supply chain compromise affecting Essential Plugin, a provider with over...

Read More Read more about WordPress plugins compromised after acquisition, leading to backdoor installation

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

• Cybersecurity
• Security
• supply-chain
• Technology
• Wordpress

Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Zack Whittaker April 14, 2026

Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new...

Read More Read more about Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites