Risk Management

80 articles

  • Mercor Hit by LiteLLM Supply Chain Attack

    Supply Chain Security

    The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek.

  • Axios NPM Package Breached in North Korean Supply Chain Attack

    Supply Chain Security · Application Security

    A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.

  • The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust

    Data Protection

    Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. The post The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust appeared first on SecurityWeek.

  • Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

    Data Protection

    Google researchers have shown that breaking the encryption of Bitcoin and Ethereum requires 20x fewer qubits. The post Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption appeared first on SecurityWeek.

  • Telnyx Targeted in Growing TeamPCP Supply Chain Attack

    Supply Chain Security · Malware & Threats

    Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek.

  • In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline

    Data Protection

    Other noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline appeared first on SecurityWeek.

  • FCC Bans New Routers Made Outside the US Over National Security Risks

    Network Security · Risk Management

    The ban aligns with a White House determination that all routers produced abroad are a threat to national security. The post FCC Bans New Routers Made Outside the US Over National Security Risks appeared first on SecurityWeek.

  • Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

    Supply Chain Security

    Hackers published a malicious scanner release and replaced tags to point to information-stealer malware. The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.

  • Virtual Summit Today: Supply Chain & Third-Party Risk Summit

    Supply Chain Security

    Cyber risk doesn’t stop at your perimeter. Today’s most dangerous threats could be hiding in your software supply chain. The post Virtual Summit Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek.

  • ArmorCode Raises $16 Million for Exposure Management Platform

    Cybersecurity Funding · Risk Management

    The company will accelerate platform development, expand go-to-market efforts, and invest in product innovation. The post ArmorCode Raises $16 Million for Exposure Management Platform appeared first on SecurityWeek.

  • Data Security Firm Evervault Raises $25 Million in Series B Funding

    Cybersecurity Funding · Data Protection

    The company has raised a total of $46 million in funding for its developer-focused encryption and orchestration platform. The post Data Security Firm Evervault Raises $25 Million in Series B Funding appeared first on SecurityWeek.

  • Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance

    M&A Tracker · Cyber Insurance

    The deal awaits final shareholder and regulatory approvals and is expected to be completed in the second half of 2026. The post Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance appeared first on SecurityWeek.

  • Quantum Decryption of RSA Is Much Closer Than Expected

    Data Protection

    For decades, the quantum threat to RSA and ECC encryption has been tied to Shor’s algorithm and the assumption that we would need million-qubit quantum computers to make it practical. A newly announced algorithm challenges that assumption and suggests the breaking point could arrive far sooner than expected. The post Quantum Decryption of RSA Is Much Closer Than Expected appeared first on SecurityWeek.

  • Google Working Towards Quantum-Safe Chrome HTTPS Certificates

    Data Protection

    The internet giant is developing an evolution of the certificates based on Merkle Tree Certificates (MTCs). The post Google Working Towards Quantum-Safe Chrome HTTPS Certificates appeared first on SecurityWeek.

  • Four Risks Boards Cannot Treat as Background Noise

    CISO Strategy · Risk Management

    The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. The post Four Risks Boards Cannot Treat as Background Noise appeared first on SecurityWeek.

  • Reddit Hit With $20 Million UK Data Privacy Fine Over Child Safety Failings

    Privacy & Compliance

    Britain’s data privacy watchdog slapped online forum Reddit on Tuesday with a fine worth nearly $20 million for failures involving children’s personal information. The post Reddit Hit With $20 Million UK Data Privacy Fine Over Child Safety Failings appeared first on SecurityWeek.

  • Autonomous AI Agents Provide New Class of Supply Chain Attack

    Artificial Intelligence · Supply Chain Security

    While this campaign targets crypto wallets and steals money, the methodology has far wider potential that could be used by other attackers. The post Autonomous AI Agents Provide New Class of Supply Chain Attack appeared first on SecurityWeek.

  • NIST’s Quantum Breakthrough: Single Photons Produced on a Chip

    Data Protection

    NIST’s single photon chip will likely make QKD an option for a wider range of companies. The post NIST’s Quantum Breakthrough: Single Photons Produced on a Chip appeared first on SecurityWeek.

  • Password Managers Vulnerable to Vault Compromise Under Malicious Server

    Data Protection

    Researchers at ETH Zurich have tested the security of Bitwarden, LastPass, Dashlane, and 1Password password managers. The post Password Managers Vulnerable to Vault Compromise Under Malicious Server appeared first on SecurityWeek.

  • In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M Fine

    Privacy & Compliance

    Other noteworthy stories that might have slipped under the radar: vulnerabilities at 277 water systems, DoD employee acting as money mule, 200 airports exposed by flaw. The post In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney’s $2.7M Fine appeared first on SecurityWeek.

  • Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack

    Data Protection

    Officials said data will now be classified as one of four categories: “public,” “sensitive,” “confidential” or “restricted.” The post Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack appeared first on SecurityWeek.

  • Lema AI Emerges From Stealth With $24 Million to Tackle Third-Party Risk

    Cybersecurity Funding · Risk Management

    The funding was raised over Series A and seed funding rounds for its supply chain security solution. The post Lema AI Emerges From Stealth With $24 Million to Tackle Third-Party Risk appeared first on SecurityWeek.

  • New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog

    Vulnerabilities · Risk Management

    The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it. The post New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog appeared first on SecurityWeek.

  • Organizations Urged to Replace Discontinued Edge Devices

    Network Security · Risk Management

    Edge devices that are no longer supported have been targeted in attacks by state-sponsored hackers, the US says. The post Organizations Urged to Replace Discontinued Edge Devices appeared first on SecurityWeek.

  • Varonis Acquisition of AllTrue.ai Valued at $150 Million

    M&A Tracker · Data Protection

    The data security firm has acquired the AI trust, risk, and security management company to expand its capabilities. The post Varonis Acquisition of AllTrue.ai Valued at $150 Million appeared first on SecurityWeek.

  • Orion Raises $32 Million for Data Security

    Cybersecurity Funding · Data Protection

    The startup will use the funding to accelerate product development and go-to-market operations. The post Orion Raises $32 Million for Data Security appeared first on SecurityWeek.

  • Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

    Supply Chain Security · Malware & Threats

    A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek.

  • Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

    Supply Chain Security

    The likely state-sponsored threat actor had access to the hosting provider for months and targeted only certain Notepad++ customers. The post Notepad++ Supply Chain Hack Conducted by China via Hosting Provider appeared first on SecurityWeek.

  • eScan Antivirus Delivers Malware in Supply Chain Attack

    Supply Chain Security · Malware & Threats

    Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers. The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek.

  • WhatsApp Boosts Account Security for At-Risk Individuals

    Data Protection

    New Strict Account Settings allow users to block attachments and media and silence calls from unknown people. The post WhatsApp Boosts Account Security for At-Risk Individuals appeared first on SecurityWeek.

  • High-Severity Remote Code Execution Vulnerability Patched in OpenSSL

    Data Protection · Vulnerabilities

    A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm. The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek.

  • ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

    Supply Chain Security

    The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution. The post ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks appeared first on SecurityWeek.

  • Cyber Insights 2026: Quantum Computing and the Potential Synergy With Advanced AI

    Data Protection · Artificial Intelligence

    Quantum computers are coming, with a potential computing power almost beyond comprehension. The post Cyber Insights 2026: Quantum Computing and the Potential Synergy With Advanced AI appeared first on SecurityWeek.

  • TikTok Finalizes a Deal to Form a New American Entity

    Risk Management

    TikTok has finalized a deal to create a new American entity, avoiding the looming threat of a ban in the United States. The post TikTok Finalizes a Deal to Form a New American Entity appeared first on SecurityWeek.

  • In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice

    Data Protection · ICS/OT

    Other noteworthy stories that might have slipped under the radar: Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program. The post In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice appeared first on SecurityWeek.

  • Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements

    Privacy & Compliance

    Cyber regulations are where politics meets business – where business becomes subject to political realities. The post Cyber Insights 2026: Regulations and the Tangled Mess of Compliance Requirements appeared first on SecurityWeek.

  • Monnai Raises $12 Million for Identity and Risk Data Infrastructure

    Cybersecurity Funding · Risk Management

    The company will use the investment to accelerate the adoption of its solution among financial institutions and digital businesses. The post Monnai Raises $12 Million for Identity and Risk Data Infrastructure appeared first on SecurityWeek.

  • Project Eleven Raises $20 Million for Post-Quantum Security

    Data Protection · Cybersecurity Funding

    The startup is building the necessary infrastructure and tools to help organizations transition to post-quantum computing. The post Project Eleven Raises $20 Million for Post-Quantum Security appeared first on SecurityWeek.

  • Cybersecurity Firms React to China’s Reported Software Ban

    Risk Management

    China has more than 5,000 cybersecurity companies and all the top 20 firms are working with the government. The post Cybersecurity Firms React to China’s Reported Software Ban appeared first on SecurityWeek.

  • Cyera Raises $400 Million at $9 Billion Valuation

    Data Protection · Cybersecurity Funding

    The New York-based data security company has tripled its valuation in just one year. The post Cyera Raises $400 Million at $9 Billion Valuation appeared first on SecurityWeek.

  • Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses

    Risk Management

    We can’t outpace the adversary by trying to stop every attack, but we can outlast them by engineering systems and culture to take a punch and try to quickly rebound. The post Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses appeared first on SecurityWeek.

  • Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

    Supply Chain Security · Application Security

    The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek.

  • Infostealer Malware Delivered in EmEditor Supply Chain Attack

    Supply Chain Security · Malware & Threats

    The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek.

  • Italy Antitrust Agency Fines Apple $116 Million Over Privacy Feature; Apple Announces Appeal

    Privacy & Compliance

    Italy’s antitrust authority fined Apple $116 million after determining that operating one of its privacy features restricted App Store competition. The post Italy Antitrust Agency Fines Apple $116 Million Over Privacy Feature; Apple Announces Appeal appeared first on SecurityWeek.

  • From Open Source to OpenAI: The Evolution of Third-Party Risk

    Vulnerabilities · Supply Chain Security

    From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek.

  • Niobium Raises $23 Million for FHE Hardware Acceleration

    Data Protection · Cybersecurity Funding

    The startup will invest the funds in accelerating development of its second-generation fully homomorphic encryption (FHE) platforms. The post Niobium Raises $23 Million for FHE Hardware Acceleration appeared first on SecurityWeek.

  • Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims

    Data Protection

    Arizona is the latest state to sue Temu and its parent company PDD Holdings over allegations that the Chinese online retailer is stealing customers’ data. The post Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims appeared first on SecurityWeek.

  • Zafran Security Raises $60 Million in Series C Funding

    Cybersecurity Funding · Risk Management

    The cybersecurity startup will use the investment to accelerate product innovation and global expansion. The post Zafran Security Raises $60 Million in Series C Funding appeared first on SecurityWeek.

  • Thousands of Secrets Leaked on Code Formatting Platforms

    Data Protection

    JSONFormatter and CodeBeautify users exposed credentials, authentication keys, configuration information, private keys, and other secrets. The post Thousands of Secrets Leaked on Code Formatting Platforms appeared first on SecurityWeek.

  • Cybersecurity Is Now a Core Business Discipline

    Risk Management

    Boardroom conversations about cyber can no longer be siloed apart from strategy, operations, or geopolitics. The post Cybersecurity Is Now a Core Business Discipline appeared first on SecurityWeek.

  • 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

    Supply Chain Security

    The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek.

  • Over 370 Organizations Take Part in GridEx VIII Grid Security Exercise

    ICS/OT · Risk Management

    The number of participants in the cyber and physical grid security exercise increased by nearly 50% compared to two years ago. The post Over 370 Organizations Take Part in GridEx VIII Grid Security Exercise appeared first on SecurityWeek.

  • Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts

    Data Protection · Vulnerabilities

    Researchers demonstrated a now-patched vulnerability that could have been used to enumerate all WhatsApp accounts. The post Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts appeared first on SecurityWeek.

  • Many Forbes AI 50 Companies Leak Secrets on GitHub

    Artificial Intelligence · Data Protection

    Wiz found the secrets and warned that they can expose training data, organizational structures, and private models. The post Many Forbes AI 50 Companies Leak Secrets on GitHub appeared first on SecurityWeek.

  • Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks

    Supply Chain Security

    PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel. The post Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks appeared first on SecurityWeek.

  • MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS

    Risk Management

    MITRE has unveiled the latest version of ATT&CK, with the most significant changes in the defensive part of the framework. The post MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS appeared first on SecurityWeek.

  • CyberRidge Emerges From Stealth With $26 Million for Photonic Encryption Solution

    Cybersecurity Funding · Data Protection

    The company has built a plug-and-play photonic layer transmission system that encrypts data in transit to prevent interception. The post CyberRidge Emerges From Stealth With $26 Million for Photonic Encryption Solution appeared first on SecurityWeek.

  • Chrome to Turn HTTPS on by Default for Public Sites

    Data Protection

    Starting October 2026, the browser will ask users if they want to access public websites that do not use secure connections. The post Chrome to Turn HTTPS on by Default for Public Sites appeared first on SecurityWeek.

  • New Firefox Extensions Required to Disclose Data Collection Practices

    Data Protection

    All new extensions will be required to declare their data collection practices in their manifest file using a specific key. The post New Firefox Extensions Required to Disclose Data Collection Practices appeared first on SecurityWeek.

  • SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility

    Supply Chain Security

    NetRise appointed the former CISA Senior Advisor and Strategist as a Strategic Advisor. The post SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility appeared first on SecurityWeek.

  • Veeam to Acquire Data Security Firm Securiti AI for $1.7 Billion

    M&A Tracker · Data Protection

    The acquisition will unify data resilience with DSPM, privacy, governance, and AI trust across production and secondary data. The post Veeam to Acquire Data Security Firm Securiti AI for $1.7 Billion appeared first on SecurityWeek.

  • Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

    Supply Chain Security · Malware & Threats

    The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. The post Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware appeared first on SecurityWeek.

  • Matters.AI Raises $6.25 Million to Safeguard Enterprise Data

    Cybersecurity Funding · Data Protection

    The company’s AI Security Engineer autonomously keeps enterprise data protected across devices and environments. The post Matters.AI Raises $6.25 Million to Safeguard Enterprise Data appeared first on SecurityWeek.

  • HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device

    Ransomware · Data Protection

    Investors are placing bets on a hardware-based approach to data security in a market dominated by software solutions for ransomware resilience. The post HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device appeared first on SecurityWeek.

  • In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach

    Data Protection

    Other noteworthy stories that might have slipped under the radar: cybercriminals offer money to BBC journalist, LinkedIn user data will train AI, Tile tracker vulnerabilities. The post In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach appeared first on SecurityWeek.

  • Zania Raises $18 Million for AI-Powered GRC Platform

    Risk Management · Cybersecurity Funding

    The company plans to triple its engineering and go‑to‑market teams and to accelerate its agentic AI platform. The post Zania Raises $18 Million for AI-Powered GRC Platform appeared first on SecurityWeek.

  • GitHub Boosting Security in Response to NPM Supply Chain Attacks

    Supply Chain Security · Application Security

    GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.

  • RegScale Raises $30 Million for GRC Platform

    Risk Management · Cybersecurity Funding

    RegScale has raised a total of more than $50 million, with the latest investment being used to enhance its platform and expand. The post RegScale Raises $30 Million for GRC Platform appeared first on SecurityWeek.

  • Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

    Supply Chain Security · Application Security

    The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit appeared first on SecurityWeek.

  • Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection

    Cybersecurity Funding · Data Protection

    Tel Aviv, Israel-based Ray Security emerged from stealth with $11 million seed funding and a desire to change the way corporate data is protected. The funding was co-led by Venture Guides and Ibex Investors. The post Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection appeared first on SecurityWeek.

  • Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway

    Privacy & Compliance

    Powerful companies typically combine traditional lobbying and strategies used by civil society organizations when regulatory pressures threaten their core business model. The post Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway appeared first on SecurityWeek.

  • Highly Popular NPM Packages Poisoned in New Supply Chain Attack

    Supply Chain Security · Application Security

    Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.

  • Ransomware Losses Climb as AI Pushes Phishing to New Heights

    Cyber Insurance · Ransomware

    Based on real-world insurance claims, Resilience’s midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI. The post Ransomware Losses Climb as AI Pushes Phishing to New Heights appeared first on SecurityWeek.

  • Ex-WhatsApp Employee Sues Meta Over Vulnerabilities, Retaliation

    Privacy & Compliance

    Attaullah Baig has filed a lawsuit against Meta and its executives, accusing them of retaliation over critical cybersecurity failures. The post Ex-WhatsApp Employee Sues Meta Over Vulnerabilities, Retaliation appeared first on SecurityWeek.

  • GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

    Supply Chain Security · Application Security

    A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them. The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.

  • Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

    Supply Chain Security

    The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack. The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek.

  • FireCompass Raises $20 Million for Offensive Security Platform

    Risk Management · Cybersecurity Funding

    The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale. The post FireCompass Raises $20 Million for Offensive Security Platform appeared first on SecurityWeek.

  • US, Allies Push for SBOMs to Bolster Cybersecurity

    Risk Management · Application Security

    SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency. The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek.

  • Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

    Supply Chain Security · Vulnerabilities

    With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. The post Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack appeared first on SecurityWeek.

  • FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands

    Data Protection

    Tech giants have received a letter from the FTC urging them not to weaken security and privacy at the request of foreign governments. The post FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands appeared first on SecurityWeek.