Cyber supply chain risk management (C-SCRM) is the process of identifying, assessing, and mitigating cybersecurity risks associated with an organization’s supply chain. Supply chains comprise multiple attack vectors, ranging from procurement tools to suppliers, developers, and third-party services. The complexity of this attack surface warrants a risk management strategy focused on supply chain risks as an extension to an existing third-party risk management program.

It’s almost time for KubeCon North America, and we’re excited to share the latest updates in Calico. These updates improve network and runtime security, make it easier to use, and extend Calico’s strong network security and observability for Kubernetes to VMs and hosts that are not part of Kubernetes clusters.

In this two part blog post we will take a deeper look at eBPF and some of its known vulnerabilities. After a quick introduction to eBPF, how it and its ecosystem works, common attacks, we will talk about how automation and fuzzing can help you to harden your eBPF applications.

On October 31st, 2024, another package compromise and cryptocurrency hijack story unfolded for a popular npm package.

Passwords are required to do practically everything, from watching TV and accessing your phone to making a doctor’s appointment and paying your electric bill. Without a password manager, it’s virtually impossible to remember all of your passwords, particularly if you’re using strong and unique ones for each account.

Beware! Remote work and the variety of collaboration tools are making it easier than ever to access and share data, leaving sensitive information at risk from data vampires. Today, we share an old dark tale for you, but just as in Grimm’s fairy tales, the lessons are still frightfully relevant.