Solana blockchain's popular web3.js npm package backdoored to steal keys, funds | Damage likely limited to those running bots with private PKI access | Cyber-crime | 05 Dec 2024
Supply chain management vendor Blue Yonder succumbs to ransomware | And it looks like major UK retailers that rely on it are feeling the pinch | Cyber-crime | 26 Nov 2024
Cyberattackers stole Microlise staff data following DHL, Serco disruption | Experts say incident has 'all the hallmarks of ransomware' | Cyber-crime | 06 Nov 2024
Socket plugs in $40M to strengthen software supply chain | Biz aims to scrub unnecessary dependencies from npm packages in the name of security | Applications | 22 Oct 2024
Global semiconductor sales up 20.6% to record $53.1B as trade wars rage on | Chip boom continues as demand surges, but challenges remain | Systems | 07 Oct 2024
Get ready: US port strike may snarl tech supply chains | Updated: Time to see if industry learned anything from the last shortage crisis | On-Prem | 03 Oct 2024
Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war | Updated: Second wave of exploding gear kills at least 14 today | Security | 18 Sep 2024
Predator spyware updated with dangerous new features, also now harder to track | Infosec in brief: Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more | Security | 09 Sep 2024
Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed | Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info | Public Sector | 05 Sep 2024
HP Inc loves China – but wants to reduce the risks it presents | Amid reports that plenty of PC production will shift elsewhere, supply chain boss emphasizes agility | Personal Tech | 09 Aug 2024
Polyfill.io claims reveal new cracks in supply chain, but how deep do they go? | Opinion: There will always be bad actors in the system. We can always learn from the drama they create | Security | 01 Jul 2024
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately | Scripts turn sus after mysterious CDN swallows domain | CSO | 25 Jun 2024
Preventing another chip shortage on G7 summit agenda | Group will also look into protecting subsea communications infrastructure | Public Sector | 13 Jun 2024
Euro banks worry AI will increase their dependence on US big tech | Putting such a dominant power in the middle of your supply chain a risky move... | AI + ML | 10 Jun 2024
It may take decade to shore up software supply chain security, says infosec CEO | Interview: Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar | CSO | 03 May 2024
Japan to draw up routes for roads dedicated to robot trucks | Digital reform conference sees PM repeat calls to get online government services right at last | Public Sector | 23 Apr 2024
What can be done to protect open source devs from next xz backdoor drama? | Kettle: What happened, how it was found, and what your vultures have made of it all | Research | 06 Apr 2024
Taiwan quake to hit chipmakers' capex, not chip supply | Some equipment suffered minor damage, but the silicon show must go on | Off-Prem | 05 Apr 2024
Malicious xz backdoor reveals fragility of open source | Analysis: This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy | Devops | 01 Apr 2024
AI hallucinates software packages and devs download them – even if potentially poisoned with malware | In-depth: Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that | Security | 28 Mar 2024
Alibaba bins listing for its Cainiao logistics limb | Already backed away from cloud spinout, now gradually breaking up with its own breakup plan | Off-Prem | 27 Mar 2024
Over 170K users caught up in poisoned Python package ruse | Supply chain attack targeted GitHub community of Top.gg Discord server | Cyber-crime | 25 Mar 2024
In the rush to build AI apps, please, please don't leave security behind | Feature: Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more | AI + ML | 17 Mar 2024
GitHub struggles to keep up with automated malicious forks | Cloned then compromised, bad repos are forked faster than they can be removed | Security | 01 Mar 2024
The latest cold war is already being fought in the supply chain trenches | AI and the chips that power it are at the center of the equation | Systems | 30 Jan 2024
Logitech warns of logistical impact of Houthi attacks in Red Sea | Longer lead times, extra costs and more freight coming via air | Personal Tech | 24 Jan 2024
Exposed Hugging Face API tokens offered full access to Meta's Llama 2 | Updated: With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML | Research | 04 Dec 2023
Industry piles in on North Korea for sustained rampage on software supply chains | Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs | Security | 23 Nov 2023
Cisco has a new problem: You take too long to implement its products and stop buying more kit | Supply chain is back to pre-COVID normal, just in time for big clouds to spend $1 billion on networks for AI | Networks | 16 Nov 2023
SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack | Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors | Cybersecurity Month | 31 Oct 2023
MOVEit breach delivers bundle of 3.4 million baby records | Progress Software vulnerability ID'd in enormous burglary at Ontario's BORN | Cyber-crime | 26 Sep 2023
Sneaky Python package security fixes help no one – except miscreants | Good thing these eggheads have created a database of patches | Patches | 26 Jul 2023
Make sure that off-the-shelf AI model is legit – it could be a poisoned dependency | Updated: Another kind of supply chain attack that can quietly mess up bots and apps | AI + ML | 11 Jul 2023
Dublin Airport staff pay data 'compromised' by criminals | Attackers accessed it via third-party services provider, says management group | Cyber-crime | 03 Jul 2023
US government extends software security deadline because vendors aren't ready | This from the Administration that made infosec a priority | Software | 13 Jun 2023
Raspberry Pi production rate rising to a million a month | CEO stands by decision to keep prices steady instead of scoring sweet, sweet, windfall profits | Personal Tech | 05 Jun 2023
This malicious PyPI package mixed source and compiled code to dodge detection | Oh cool, something else to scan for | Security | 02 Jun 2023
Python Package Index had one person on-call to hold back weekend malware rush | We speak to infra director after project temporarily freezes new user accounts | Devops | 22 May 2023
UK government prays that size doesn't matter as it chips in £1B for semiconductor sector | Domestic industry 'will never be wholly sovereign' say critics as Blighty hooks up with Japan | Systems | 19 May 2023
GitHub debuts pedigree check for npm packages via Actions | Publishing provenance possibly prevents problems | Security | 19 Apr 2023
China the largest buyer of chipmaking machines as sales hit an all-time high | Despite US blocks to advanced technology nodes | Systems | 14 Apr 2023
Worried about the security of your code's dependencies? Try Google's Deps.dev | Is this what the kids mean by owning the libs? | Devops | 13 Apr 2023
3CX teases security-focused client update, plus password hashing | As Mandiant finds more evidence it was North Korea wot done it | Security | 12 Apr 2023
Just because on-prem is cheaper doesn’t make the cloud a money pit | Comment: Oh and expect DCs to get more expensive, not less, analysts warn | Energy Efficient Datacenters | 11 Apr 2023
3CX thought supply chain attack was a false positive | Updated: 'It's not unusual for VoIP apps' says CEO | Cyber-crime | 03 Apr 2023
Flirting hard with India doesn't mean US is breaking up with China | Commerce secretary says relationship with Beijing is 'benign' and wants to be open to new possibilities | On-Prem | 14 Mar 2023
Dems, Repubs eye up ban on chat apps they don't like | Clock is ticking for TikTok and other foreign natter-ware | Security | 09 Mar 2023
As Big Tech lays off staff, TSMC swoops in to hire 6,000 | Updated: Good news: Jobs for all! Bad news: Employer may be invaded by China | Systems | 06 Mar 2023
Huge lithium discovery could end world shortages ... Oh, wait, it's in Iran | Good thing we've got a great rapport with Tehran, no? | On-Prem | 04 Mar 2023
Datacenters in China, Singapore cracked by crims who then targeted tenants | Infiltrators tried to create fake remote hands tasks, alter visitor lists | Cyber-crime | 23 Feb 2023
Open source software has its perks, but supply chain risks can't be ignored | Analysis: While app development is faster and easier, security is still a concern | Security | 22 Feb 2023
Burn, backlog, burn: Cisco inferno clears away supply chain hassles | As rival Arista admits Meta and Microsoft now account for at least ten percent of its business | Networks | 16 Feb 2023
Ex-CEO of logistics startup Slync collared on multimillion fraud, embezzlement charges | Christopher Kirchner alleged to have hyped up biz to investors then siphoned off a slice of cash | Legal | 15 Feb 2023
Have we learned anything from SolarWinds supply chain attacks? | From frameworks to new federal offices, it's time to get busy | Security | 05 Feb 2023
We're just shouting into the void, says US watchdog offering cybersecurity advice | Federal depts ignore almost 60% of IT defense recommendations | Government Tech Week | 24 Jan 2023
As wafer demand dries up, foundry revenues head for a cliff, we all celebrate | Some potential good news for those unhappy with pandemic-era lead times, prices | Personal Tech | 20 Jan 2023
US, Canada, Mexico ponder some sort of chip supply collab | Climate change, drugs and immigration behind semiconductors on White House priority list | Systems | 10 Jan 2023
PyTorch dependency poisoned with malicious code | System data was exfiltrated during attack, but an anonymous person says it was a research project gone wrong | Security | 04 Jan 2023
Tech supply chains brace for impact as China shifts from zero-COVID to rampant COVID | Hundreds of millions of cases expected to bring new waves of disruption | Off-Prem | 19 Dec 2022
Uber staff info leaks after supplier Teqtivity gets pwned | Thankfully no customer info – but the spotlight is back on third-party attacks | Security | 13 Dec 2022
Raspberry Pi supply chain loosens just in time for the holiday season | 100,000 units being sent to resellers as thanks for consumer patience, says CEO Eben Upton | Personal Tech | 12 Dec 2022
Foxconn factory chaos means more iPhone delays over the holiday period | Protests in Zhangzhou may equate to 15-20 million fewer Pro models in Q4, says analyst Ming-Chi Kuo | Personal Tech | 30 Nov 2022