WAGO GmbH & Co. KG Industrial Managed Switches
View CSAF Summary An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full comp...
Manufacturing
20 articles
Expert panel: Cyber conflict in a fractured world
No longer are geopolitical standoffs settled on the traditional battlefields of diplomacy and arms; now, the digital realm has emerged as the arena for these...
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Aqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prio...
Widespread cloud environment compromise facilitated by Trivy supply chain hack
More than 1,000 software-as-a-service environments were reported by Mandiant Consulting Chief Technology Officer Charles Carmakal to have already been compro...
FCC bans foreign-made routers in bid to secure supply chain
Security pros OK with FCC’s move to ban foreign routers, but say the real risk lies with unmanaged identities.
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can pr...
Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
Best Klaviyo Alternatives for Revenue Growth and Advanced Analytics
Top Klaviyo alternatives offer advanced analytics, automation, and insights to help e-commerce brands improve campaigns, boost revenue, and track performance.
AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link
PwC finds AI is amplifying speed and scale of attacks, as identity theft evolves into a cybercriminal supply chain. The post AI Speeds Attacks, But Identity ...
Paid AI Accounts Are Now a Hot Underground Commodity
AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and ...
Vorlon adds forensics and response to secure AI agents
Vorlon has unveiled AI Agent Flight Recorder and AI Agent Action Center, adding forensics and coordinated response to secure enterprise agentic ecosystems an...
GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise
A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnera...
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterpri...
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
2026 SC Award winner Black Duck — Best Supply Chain Security Solution
Black Duck earns honor for delivering visibility at scale.
2026 SC Award winner Securonix UEBA – Best Insider Threat Solution
AI-driven UEBA platform detects insider threats using behavioral analytics and automation.
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose t...
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
A critical vulnerability dubbed “PolyShell” is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team ...
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
Silverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability ...
Malicious LiteLLM versions linked to TeamPCP supply chain attack
TeamPCP backdoored LiteLLM v1.82.