supply-chain

Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378

• application-security
• generative-ai
• supply-chain

Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378

Mike Shema April 14, 2026

Read More Read more about Securing Software’s Journey with the OWASP SPVS – Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen – ASW #378

Hacker alleges InfoDesk breach affecting pharma, financial firms

• data-security
• supply-chain

Hacker alleges InfoDesk breach affecting pharma, financial firms

SC Staff April 13, 2026

Cybernews reports that a threat actor claiming to have breached the enterprise intelligence software provider Infodesk has...

Read More Read more about Hacker alleges InfoDesk breach affecting pharma, financial firms

OpenAI’s macOS app-signing process hit by axios supply chain attack

• aiml
• application-security
• generative-ai
• supply-chain

OpenAI’s macOS app-signing process hit by axios supply chain attack

Laura French April 13, 2026

The company is revoking and rotating certificates “out of an abundance of caution.”

Read More Read more about OpenAI’s macOS app-signing process hit by axios supply chain attack

Contagious Interview campaign expands further

• supply-chain
• threat-intelligence

Contagious Interview campaign expands further

SC Staff April 9, 2026

Over a dozen new malicious packages have been published across the npm, PyPI, Go Modules, crates.io, and...

Read More Read more about Contagious Interview campaign expands further

Malware distributed via ILSpy WordPress domain breach

• malware
• supply-chain

Malware distributed via ILSpy WordPress domain breach

SC Staff April 7, 2026

Malicious actors have breached the official WordPress site for open-source decompiler ILSpy to compromise developers with malware...

Read More Read more about Malware distributed via ILSpy WordPress domain breach

Malicious PyPI package enables Claude prompt, data compromise

• aiml
• data-security
• supply-chain

Malicious PyPI package enables Claude prompt, data compromise

SC Staff April 7, 2026

Malicious PyPI package enables Claude prompt, data compromise GBHackers News reports that threat actors have been distributing...

Read More Read more about Malicious PyPI package enables Claude prompt, data compromise

Acquisition reform is materializing, but the harder test still lies ahead

• supply-chain

Acquisition reform is materializing, but the harder test still lies ahead

Val Moon April 7, 2026

The Pentagon is finally getting serious about procurement reform, but the proof will be in the pudding.

Read More Read more about Acquisition reform is materializing, but the harder test still lies ahead

The Axios npm breach taught us the need for a personal zero-trust

• application-security
• devsecops
• supply-chain
• zero-trust

The Axios npm breach taught us the need for a personal zero-trust

Aaron Beardslee April 7, 2026

Security pros need to develop a mental zero-trust that trusts nothing and tests everything.

Read More Read more about The Axios npm breach taught us the need for a personal zero-trust

Thousands of European tourist sites impacted by ticketing platform breach

• ransomware
• supply-chain

Thousands of European tourist sites impacted by ticketing platform breach

SC Staff April 6, 2026

Nearly 3,500 museums, monuments, and cultural sites across Europe had their online reservations disrupted following a cyberattack...

Read More Read more about Thousands of European tourist sites impacted by ticketing platform breach

Extensive compromise facilitated by dozens of illicit npm packages

• malware
• supply-chain

Extensive compromise facilitated by dozens of illicit npm packages

SC Staff April 6, 2026

Thirty-six malicious npm packages masquerading as Strapi CMS plugins have been spreading multiple payloads enabling Redis and PostgreSQL abuse,...

Read More Read more about Extensive compromise facilitated by dozens of illicit npm packages