Tag: AI supply chain attacks
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust
Jeff Burt | | 360 Privacy, AI supply chain attacks, Aikido Security, CI/CD security, credentials, Endor Labs, npm malware, Pathlock, Sectigo, Shai-Hulud worm, TeamPCP, trust in technologyThe latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM
Jeff Burt | | AI (Artificial Intelligence), AI supply chain attacks, Aqua Security Trivy, Checkmarx, Cloud Security, credentials, exposed secrets, GitHub Actions, LiteLLM, microsoft, Palo Alto Networks, Sysdig, TeamPCPThe supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and ...
Three Encryption Resolutions for DevSecOps in 2026
Jaya Mehmie | | AI supply chain attacks, automated certificate management, CA/B Forum code signing rules, certificate lifecycle management, CI/CD pipeline security, code signing certificates, dependency scanning security, DevSecOps compliance, DevSecOps New Year resolutions, DevSecOps supply chain security, open source supply chain risk, PKI for DevSecOps, secure software development lifecycle, self-signed certificate risks, software supply chain attacksAs supply chain attacks surge and AI-powered threats grow, DevSecOps teams must strengthen CI/CD security. Learn why PKI, code signing, and certificate automation are critical in the year ahead ...
