third-party-code

Axios breach shows why software supply chains need zero trust

• application-security
• third-party-code

Axios breach shows why software supply chains need zero trust

Oludolamu Onimole May 14, 2026

The axios breach shows trusted identities, not code flaws, now drive supply chain attacks.

Read More Read more about Axios breach shows why software supply chains need zero trust

Trusted by default: The npm attack pattern security teams miss

• application-security
• third-party-code

Trusted by default: The npm attack pattern security teams miss

Mohit Bansal May 13, 2026

Developers are now the prime target in evolving npm supply chain attacks.

Read More Read more about Trusted by default: The npm attack pattern security teams miss

Trusted third-party connections are the new front door for attackers 

• ai-benefitsrisks
• supply-chain
• third-party-code

Trusted third-party connections are the new front door for attackers 

John Watters May 6, 2026

Here’s five priorities for teams looking to manage third-party risk in the AI era.

Read More Read more about Trusted third-party connections are the new front door for attackers 

Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more – Kieran Human – SWN #572

• aiml
• third-party-code
• vulnerability-management

Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more – Kieran Human – SWN #572

Doug White April 14, 2026

Read More Read more about Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more – Kieran Human – SWN #572

Apiiro’s Idan Plotnik on how AI-driven development and the risk landscape

• aiml
• application-security
• devsecops
• rsac
• third-party-code

Apiiro’s Idan Plotnik on how AI-driven development and the risk landscape

SC Staff March 26, 2026

Idan Plotnik discusses how AI-driven development is reshaping the application risk landscape.

Read More Read more about Apiiro’s Idan Plotnik on how AI-driven development and the risk landscape

Widespread cloud environment compromise facilitated by Trivy supply chain hack

• identity
• third-party-code

Widespread cloud environment compromise facilitated by Trivy supply chain hack

SC Staff March 25, 2026

More than 1,000 software-as-a-service environments were reported by Mandiant Consulting Chief Technology Officer Charles Carmakal to have...

Read More Read more about Widespread cloud environment compromise facilitated by Trivy supply chain hack

Illicit VS Code projects tapped to deploy StoatWaffle malware

• malware
• ransomware
• third-party-code

Illicit VS Code projects tapped to deploy StoatWaffle malware

SC Staff March 24, 2026

North Korean threat operation WaterPlum, which runs the Contagious Interview campaign, has leveraged malicious VS Code projects...

Read More Read more about Illicit VS Code projects tapped to deploy StoatWaffle malware

Illicit VS Code projects tapped to deploy StoatWaffle malware

• malware
• ransomware
• third-party-code

Illicit VS Code projects tapped to deploy StoatWaffle malware

SC Staff March 24, 2026

North Korean threat operation WaterPlum, which runs the Contagious Interview campaign, has leveraged malicious VS Code projects...

Read More Read more about Illicit VS Code projects tapped to deploy StoatWaffle malware