Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

nightfall

GitHub Supply Chain Attacks Highlight the Urgency of Zero Trust SaaS Data Security

May 10, 2022 By Michael Osakwe In Nightfall

In early April, the tech industry witnessed a major GitHub security incident targeting GitHub organizations using Heroku and Travis CI. GitHub was made aware of this threat via an attack leveraging AWS API keys to GitHub’s own npm production infrastructure. As upstream security risks within SaaS platforms become more common, organizations that leverage these platforms are relying on tools like Nightfall to protect themselves.

Read Post
Feroot

The TTPs of JavaScript Supply Chain Attacks

Apr 28, 2022 By Feroot Security Team In Feroot

Recent research studies demonstrate that software supply chain attacks are on the upswing—by almost 300% in 2021 alone. To avoid attacks related to open-source libraries and JavaScript, businesses need to understand the tactics, techniques, and procedures (TTPs) associated with JavaScript supply chain attacks.

Read Post

Securing the Digital Supply Chain Ep. 10 - Peeyush Ranjan

Apr 22, 2022 By Riscosity In Riscosity
An amazing conversation with Peeyush Ranjan, Engineering VP at a Fortune 50 organization. Peeyush coined an amazing term - "Diffused Responsibility" - this is the reason why we all, in different silos, development, security, GRC, legal have to try harder and pull towards the same goal. In fact the example used - of a sports team, getting the pigskin over the line is a very apt one.
View Video
mend

Software Supply Chain Security: The Basics and Four Critical Best Practices

Apr 21, 2022 By Adam Murray In Mend

Enterprise software projects increasingly depend on third-party and open source components. These components are created and maintained by individuals who are not employed by the organization developing the primary software, and who do not necessarily use the same security policies as the organization. This poses a security risk, because differences or inconsistencies between these policies can create overlooked areas of vulnerability that attackers seek to exploit.

Read Post
upguard

The Biggest Security Risks in Your Supply Chain in 2022

Apr 3, 2022 By Edward Kost In UpGuard

The SolarWinds supply chain attack highlighted how vulnerable supply chains are to cyberattacks. Supply chain risk mitigation has since become an essential component of risk management strategies and information security programs. To support the success of this effort, we’ve listed the top 4 supply chain security risks you need to be aware of in 2022.

Read Post
mend

Automated Software Supply Chain Attacks: Should You be Worried?

Apr 1, 2022 By Tamir Ben Ari In Mend

From the factory floor to online shopping, the benefits of automation are clear: Larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing malicious packages, the threat actor behind this campaign has taken things to a new scale.

Read Post

How to Mitigate Risks in Software Supply Chain Security

Mar 24, 2022 By Snyk In Snyk
In this session, Mic McCully and Jake Williams explore the software supply chain as an attack vector – by identifying risks and mitigation strategies throughout the software development processes and environment. Watch this to learn how you can meet new requirements and protect your software from these attacks. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.