According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...

Malicious activity within software supply chains has evolved from opportunistic abuse into “sustained, industrialised” ...

Open source malware surpasses 1.233 million packages, escalating in scale and sophistication: Nation-state attackers increasingly mimic trusted developer tools and leverage legitimate channels to ...

SARATOGA, Calif.--(BUSINESS WIRE)--Lineaje, the full-lifecycle software supply chain security company, today launched end-to-end capabilities that will fundamentally transform how organizations ...

"The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach." Package Firewall ...

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...

Stranger Things concept of the “Upside Down” is a useful way to think about the risks lurking in the software we all rely on.

A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...

Supply chain security is rapidly emerging as a material risk for enterprise software buyers. Yet, despite best efforts from regulators to hold software publishers accountable, enterprise buyers ...

The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to ...

For all the scary talk about cyberattacks from vendors and industry experts, relatively few attacks are actually devastating. But the Jaguar Land Rover (JLR) attack was. The JLR breach wasn’t some ...

In the beginning, we identified two major types of software supply chain attacks and nine minor types. The world keeps insisting on a broader definition. In the spring of 2020, it really mattered to ...