supply-chain

The three-legged drone stool: Policy, production, and protection

• ot-security
• supply-chain

The three-legged drone stool: Policy, production, and protection

Brett Freedman  March 9, 2026

To remain militarily competitive, the U.S. must coordinate all aspects of drone strategy.

Read More Read more about The three-legged drone stool: Policy, production, and protection

Breaking in with CrashFix, supply chain security, and CMMC phase 1 – Anna Pham, David Zendzian, Jacob Horne – ESW #449

• malware
• supply-chain

Breaking in with CrashFix, supply chain security, and CMMC phase 1 – Anna Pham, David Zendzian, Jacob Horne – ESW #449

Matt Alderman March 9, 2026

Read More Read more about Breaking in with CrashFix, supply chain security, and CMMC phase 1 – Anna Pham, David Zendzian, Jacob Horne – ESW #449

Malicious PHP packages deliver cross-platform RAT

• malware
• supply-chain
• threat-intelligence

Malicious PHP packages deliver cross-platform RAT

SC Staff March 5, 2026

The malicious packages, including "nhattuanbl/lara-helper" and "nhattuanbl/simple-queue," contain obfuscated PHP code that connects to a command and...

Read More Read more about Malicious PHP packages deliver cross-platform RAT

North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More – SWN #560

• supply-chain
• threat-intelligence

North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More – SWN #560

Aaran Leyland March 3, 2026

Read More Read more about North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More – SWN #560

Updated Contagious Interview campaign harnesses illicit npm packages for RAT delivery

• supply-chain
• threat-intelligence

Updated Contagious Interview campaign harnesses illicit npm packages for RAT delivery

SC Staff March 3, 2026

North Korean state-sponsored advanced persistent threat operation Famous Chollima has published 26 illicit npm packages impersonating developer...

Read More Read more about Updated Contagious Interview campaign harnesses illicit npm packages for RAT delivery

Chrome extension ‘QuickLens’ removed after stealing crypto and spreading malware

• identity
• phishing
• supply-chain

Chrome extension ‘QuickLens’ removed after stealing crypto and spreading malware

SC Staff March 2, 2026

The malicious version 5.8 of QuickLens was pushed to approximately 7,000 users on February 17, 2026, after...

Read More Read more about Chrome extension ‘QuickLens’ removed after stealing crypto and spreading malware

Malicious Go module steals passwords, deploys Rekoobe backdoor

• malware
• supply-chain

Malicious Go module steals passwords, deploys Rekoobe backdoor

SC Staff March 2, 2026

The compromised Go module injects malicious code into the "ssh/terminal/terminal.go" file, specifically within the "ReadPassword()" function.

Read More Read more about Malicious Go module steals passwords, deploys Rekoobe backdoor

The drone gap: Why the U.S. industrial base continues to fall behind in a world at war by drone

• supply-chain

The drone gap: Why the U.S. industrial base continues to fall behind in a world at war by drone

Brett Freedman  March 2, 2026

Rapid drone production is essential to modern warfare. The U.S. has a lot of catching up to...

Read More Read more about The drone gap: Why the U.S. industrial base continues to fall behind in a world at war by drone

Open-source vulnerabilities per codebase surge by 107%

• patchconfiguration-management
• supply-chain
• vulnerability-management

Open-source vulnerabilities per codebase surge by 107%

Laura French February 26, 2026

The Black Duck 2026 OSSRA report explores AI as one of several factors in the historic increase....

Read More Read more about Open-source vulnerabilities per codebase surge by 107%

Harness launches Artifact Registry to secure software supply chain

• supply-chain

Harness launches Artifact Registry to secure software supply chain

SC Staff February 25, 2026

Harness Artifact Registry centralizes and manages all machine-generated outputs from the development lifecycle, including binaries, container images,...

Read More Read more about Harness launches Artifact Registry to secure software supply chain