#supply-chain-compromise

[ follow ]
#trust-based-attacks #federated-identity-abuse #ai-automation-risk #telemetry-and-behavior-monitoring
fromComputerWeekly.com
1 week ago

From trust to turbulence: Cyber's road ahead in 2026 | Computer Weekly

In 2025, trust became the most exploited surface in modern computing. For decades, cyber security has centered on vulnerabilities, software bugs, misconfigured systems and weak network protections. Recent incidents in cyber security marked a clear turning point, as attackers no longer needed to rely solely on traditional techniques. This shift wasn't subtle. Instead, it emerged across nearly every major incident: supply chain breaches leveraging trusted platforms, credential abuse across federated identity systems,
Information security
Information security
fromThe Hacker News
1 week ago

5 Threats That Reshaped Web Security This Year [2025]

AI-powered 'vibe coding' produced functional but widely exploitable code, undermining traditional web security and requiring fundamentally new defensive approaches.
fromThe Hacker News
3 weeks ago

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

The infection chains, per Google, involve a combination of phishing campaigns designed to steal credentials or distribute malware and leveraging trusted relationships with third-party suppliers and partners. The second approach signals a particularly clever strategy when striking defense contractors. While these organizations tend to have robust defenses, that may not be the case with third-party partners - a weak link in the supply chain that UNC1549 weaponizes to its advantage by first gaining access to a connected entity in order to infiltrate its main targets.
Miscellaneous
Information security
fromSecurityWeek
2 months ago

Volvo Group Employee Data Stolen in Ransomware Attack

Volvo Group North America notified employees that names and Social Security numbers were exposed after a ransomware attack on supplier Miljödata.
Information security
fromThe Hacker News
3 months ago

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

Threat actors hijacked an abandoned Sogou Zhuyin update server to deliver multiple malware families and conduct espionage against targets across Eastern Asia.
Information security
fromThe Hacker News
3 months ago

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

Murky Panda exploits trusted cloud relationships, internet-facing appliances, and supply-chain weaknesses to gain access and deploy a Golang RAT called CloudedHope.
[ Load more ]