Supply Chain Security stories

Archipelo and Checkmarx partner to fuse dev workflow signals with app security scans, giving teams origin evidence to prioritise fixes.

JFrog warns 13 GitHub CI/CD workflow flaws, mostly critical, could let attackers hijack pipelines and steal secrets at scale.

Claude Code flaws found by Check Point could let malicious repos run code and grab API keys before developers confirm a project is trusted.

Delinea acquires StrongDM to create a unified, just-in-time identity security control plane for AI-driven and hybrid cloud environments.

Delinea acquires StrongDM to fuse privileged access tools with just‑in‑time authorisation, tackling AI‑driven identity and access risks.

Endor Labs has launched AURI, an AI-aware security platform that embeds continuous code checks directly into agent-driven development workflows.

Cyber consultancy Reversec has named former Accenture executive Åse Holmberg Zetterlund as CEO to drive its next phase of global expansion.

NCC warns that insecure connected farm machinery could let cyber attacks disrupt harvests, cut yields and threaten food supply chains.

Rising AI adoption is driving higher security spend, yet most enterprises still suffer repeated breaches as risk outpaces new defences.

Manifest research reveals executives overestimate AI security readiness, as AppSec teams warn of unmanaged tools, blind spots and rising risk.

UpGuard debuts Risk Automations to link cyber risk findings with security workflows, promising faster fixes after USD $75 million raise.

Canada's long-stalled cybersecurity overhaul is reborn as Bill C-8, promising strict rules for critical infrastructure after years of delay.

As AI tools spread through software teams, rising security flaws and shadow AI use are forcing leaders to tighten guardrails fast.

GitProtect DevOps backup lands on Microsoft Marketplace, giving Azure customers streamlined procurement and deployment for code protection.

Chainguard expands its rebuilt-from-source Libraries to Python, Java and JavaScript, targeting malware risks in AI-driven software supply chains.

A rapid surge in OpenClaw AI assistant use has left tens of thousands of exposed systems and a trail of hijacked tools and malicious add-ons.

GitLab expands its MSP partner programme to deliver agentic AI-powered DevSecOps as a managed service with strict data sovereignty controls.

Datadog warns 87% of organisations run software with exploitable flaws as ageing code, fast releases and automation amplify DevSecOps risk.

AI-driven hackers can now steal data in just 72 minutes, as faster, multi-surface attacks overwhelm complex, over-trusting enterprises.

UpGuard secures USD $75m Series C to scale its AI cyber risk platform, fuelling product development, global expansion and acquisitions.