The invisible supply chain inside every mobile app

Most mobile app risk comes from software your organization didn’t build, approve, or even know existed.
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
GovCon Wire

The Cybersecurity Challenges of the Supply Chain: Navigating Risks in a Hyper-Connected, Emerging-Tech World

Chuck Brooks, president of Brooks Consulting International and a GovCon Expert, outlines how emerging tech is reshaping cyber supply chain risk.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

Harley-Davidson's model codes aren't as random as they seem – here's what they mean

Harley-Davidson's model codes may look confusing, but they actually follow a fairly simple structure. Here's what they mean ...
New York Post

NYC subway rider wears exposed leather chain cage around genitals — but cops say it doesn’t break penal code

It’s just another day on the rails in New York City. An Upper East Side subway rider was photographed wearing a leather strap and chain “cage’’ that was barely covering his genitals — and was visible ...
Business Wire

Total Economic Impact Study: JFrog Unifies and Accelerates the Secure Software Supply Chain from Code to AI

New Industry Analyst Study Shows that JFrog Delivered 282% ROI in Three Years, Reducing Risk While Accelerating Safer Software Releases for Enterprises The JFrog Software Supply Chain Platform ...
CoinDesk

Crypto’s worst year for hacks wasn’t a smart contract issue. It was a people problem.

Cryptocurrency’s security story is changing, and not in the way most investors expect or would like to, as while crypto losses are on the rise, so too is onchain security. Even as 2025 went down as ...
CSOonline

Possible software supply chain attack through AWS CodeBuild service blunted

An AWS misconfiguration in its code building service could have led to a massive number of compromised key AWS GitHub code repositories and applications, say researchers at Wiz who discovered the ...
SiliconANGLE

Cyata flags agentic AI supply-chain risk in Cursor remote code execution bug

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a critical remote code execution vulnerability in Cursor Inc.’s integrated development environment that ...