Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

veracode

The Hidden Risks in Your Software Supply Chain: What You Need to Know in 2025 and Beyond

Sep 4, 2025 By Natalie Tischler In Veracode
Modern software development thrives on speed and innovation, fueled by open-source libraries and third-party components. These resources are essential; they accelerate development cycles, reduce costs, and enable teams to bring complex projects to life. But with great reliance comes great risk. The software supply chain is under attack, and vulnerabilities hidden within can create massive security, operational, and compliance challenges.
Read Post
nightfall

The Cloudflare Breach: Why Supply Chain Security Can't Be an Afterthought in 2025

Sep 4, 2025 By Anant Mahajan In Nightfall
The cybersecurity industry woke up to yet another supply chain nightmare this week. Cloudflare, one of the world's largest web infrastructure companies, confirmed that attackers accessed 104 of their API tokens through the cascading Salesloft Drift breach. This incident perfectly illustrates why modern organizations need to rethink their approach to third-party vendor security.
Read Post
Trustwave

Securing Healthcare's Vulnerable Supply Chain

Sep 2, 2025 By Trustwave In Trustwave
The digital interdependence of today’s healthcare supply chain has created new systemic risks. Cybersecurity is no longer limited to internal systems, but vulnerabilities in the innumerable third-party suppliers can now expose entire networks to disruption. From patient records stored in the cloud to diagnostic tools and logistics platforms, every element is a potential entry point for attackers.
Read Post
veracode

Software Supply Chain Attacks in 2025: What We Learned from Gartner

Aug 26, 2025 By Joe Ariganello In Veracode
Download the Gartner 2025 Market Guide for Software Supply Chain Security (SSCS) to learn how to protect your organization. Software supply chain attacks are a top threat to enterprises worldwide. These sophisticated attacks target everything from open-source components and third-party APIs to critical DevOps toolchains. If you’re building software, your supply chain is a prime target.
Read Post
datadog

Abusing supply chains: How poisoned models, data, and third-party libraries compromise AI systems

Aug 18, 2025 By Mallory Mooney In Datadog
The AI ecosystem is rapidly changing, and with this growth comes unique challenges in securing the infrastructure and services that support it. In Part 1 of this series, we explored how attackers target the underlying resources that host and run AI applications, such as cloud infrastructure and storage. In this post, we'll look at threats that affect AI-specific resources in supply chains, which are the software and data artifacts that determine how an AI service operates.
Read Post
netskope

Netskope BEAM: Open Source Detector for Supply Chain Compromise

Aug 7, 2025 By Colin Estep In Netskope
Netskope Threat Labs is pleased to announce the release of a new open-source tool that detects supply chain attacks. Our new tool, Behavioral Evaluation of Application Metrics (BEAM), requires no endpoint agent deployment and will analyze the network traffic you are already capturing in your organization to determine if your applications are communicating with unusual hosts that could be part of an attack. This tool is the subject of a 2025 Black Hat USA briefing.
Read Post

Fortify Your Software Supply Chain with Veracode

Jul 28, 2025 By VERACODE In Veracode
Cyber attacks on the software supply chain are soaring, putting your applications and your business at unprecedented risk. But what if you could fortify your defenses, accelerate innovation securely, and stay ahead of every threat? Veracode Supply Chain Security helps you protect your organization from supply chain attacks with a powerful, unified approach to protecting your supply chain.
View Video
Top Financial Cyber Threats Facing Businesses in 2025

Top Financial Cyber Threats Facing Businesses in 2025

Jul 24, 2025 By SecuritySenses In SecuritySenses
The world of business is facing a growing wave of cyber threats, especially when it comes to financial security. Cybercriminals are getting smarter, and their tactics are more sophisticated than ever. This isn't just a concern for big corporations; businesses of all sizes need to stay alert. A cyberattack could lead to major financial losses, damage to your reputation, or even legal headaches. In this article, we'll break down some of the top financial cyber threats businesses will likely face in 2025.
Read Post
CrowdStrike

CrowdStrike Falcon Prevents Supply Chain Attack Involving Compromised NPM Packages

Jul 23, 2025 By Veronica Tecan In CrowdStrike
Recently, five popular NPM (Node Package Manager) packages were compromised and modified to deliver a malicious DLL, dubbed “Scavenger”. The malware pushed via these compromised NPM packages executes in two stages: an initial first-stage loader, followed by a second-stage infostealer. NPM is the package manager for the Node.js JavaScript platform, which allows developers to share and manage JavaScript libraries and tools.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.