Explores Zero Trust, SBOM, and practical steps to secure the software supply chain, boost resilience, and communicate risk to leadership.
Elastic Security Labs quickly spotted the unfolding supply-chain attack that backdoored the popular JavaScript library Axios, ...
Open source designs offer flexibility, yet they also create long-term dependency paths that may hide more risk than ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was created ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
The software supply chain can't catch a break, security-wise. Despite multiple organizations making claims they'd make security a higher priority than features as they developed new software, AI ...
From mapping dependencies to immutable recovery—strategic steps to reduce your blast radius in an interconnected world.
Four in 10 enterprise applications will feature task-specific AI agents this year. Yet, research from Stanford University’s 2025 Index Report shows that a mere 6% of organizations have an advanced AI ...
Over the past several years, software supply chain security and maintenance have become a cornerstone of national security. From George W. Bush to Joe Biden, each presidency has faced its ...
Managing risk across an extended supply chain is extremely challenging for organizations of all sizes. The sheer volume of connected components that communicate, store, and process data will continue ...
Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?