Supply
-
Blog
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets. Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. If those logs had been…
Read More » -
Blog
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit and take actions based on…
Read More » -
Blog
Organizations urged to act fast after GitHub Action supply chain attack
More than 20,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action. GitHub Actions is a continuous integration and continuous delivery (CI/CD) service that enables developers to automate software builds and tests. Workflows are triggered by specific events, for example when new code is committed to the repository. Used in more than 23,000 repositories, tj-actions/changed-files…
Read More » -
Blog
Cybersecurity skills demand still isn’t matching supply – what can leaders do in 2025 to redress the balance?
The tech sector continues to struggle with meeting demand for cybersecurity skills, an issue that appears to be getting worse over time. According to ISC2’s latest Cybersecurity Workforce Study, cyber workforce growth has slowed while the cybersecurity skills gap has grown to a record high of 4.8 million – up 19% compared to a year earlier. A total of 10.2…
Read More » -
Blog
Safety of Food Supply Threatened by FDA Spending Freeze
Food safety experts in and outside the agency agree that the food program’s budget was already inadequate to carry out the amount of oversight required even before the new administration took over this year. Indeed, some of the budget cuts to outbreak rapid response teams now going into effect were first proposed under the previous administration’s FDA, says Steven Mandernach,…
Read More » -
Blog
Silk Typhoon hackers now target IT supply chains to breach networks
Microsoft warns that Chinese cyber-espionage threat group ‘Silk Typhoon’ has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. The tech giant has confirmed breaches across multiple industries, including government, IT services, healthcare, defense, education, NGOs, and energy. “They [Silk Typhoon] exploit unpatched applications that allow them…
Read More » -
Blog
Why supply chain oversight is critical for business
All businesses, from the smallest ventures to the largest enterprises, have supply chains and a need for supply chain oversight. Whether it’s the raw materials made into the product you sell, or the office equipment and software you procure for your service-based business, you’ll always have dependencies and a need to maintain oversight over your personal supply chain. In any…
Read More » -
Blog
Microsoft launches genAI sales agents that focus on finance and supply chain – Computerworld
Salespeople spend hours verifying leads, writing to customers and then waiting for responses, said Bryan Goode, corporate vice president for business applications and platforms at Microsoft. “If you can take something that used to take hours and do it in minutes, you can spend more time selling,” he said. One agent, called “sales chat,” can automatically create documents by drawing…
Read More » -
Blog
What are the impact of tariffs on tech and will we see another semiconductor supply chain crisis?
The uncertainty around the impact of tariffs is stark right now, with those in the tech sector far from alone in wondering how they might be affected by sweeping taxes on imports. First on the campaign trail and now in office, the Trump administration has repeatedly sung the praises of tariffs and, at time of publication, is in the process…
Read More » -
Blog
Abandoned S3 buckets could have caused a catastrophic supply chain attack – and all at a cost of just $400
Abandoned cloud storage buckets were ripe to be taken over by cyber criminals and used to conduct a supply chain attack that would have dwarfed the 2020 SolarWinds incident, according to new research. A report from watchTowr Labs demonstrated how attackers could potentially exploit unused cloud storage buckets to gain access to sensitive networks of national governments, militaries, and major…
Read More »
