Latest threats Bug bounty For devs Deep dives More About

Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks

View all web security news

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Bug bounty news VDPs Bug Bounty Radar

View all bug bounty news

Bug Bounty Radar

The latest programs for February 2023

DevSecOps Security best practices Dev stack tech

View all dev related news

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

Deep dives Interviews

View all of the latest features

Infosec beginner?

A rough guide to launching a career in cybersecurity

Industry news Enterprise security news Web hacking tools Events

View all infosec industry news

Cybersecurity conferences

A schedule of events in 2022 and beyond

Latest software supply chain attack news

A software supply chain attack occurs when malicious hackers compromise third-party software dependencies used in multiple ‘downstream’ applications.

By compromising a single open source package or library, attackers can potentially steal confidential data from, cause a denial of service, or breach networks at hundreds – or even thousands – of organizations.

Small wonder this attack vector has become increasingly commonplace, with the ‘Sunburst’ attack in 2020, which gave attackers access to 18,000 SolarWinds customers, a watershed moment.

Catch up with the latest supply chain attack news and analysis here.