Explores Zero Trust, SBOM, and practical steps to secure the software supply chain, boost resilience, and communicate risk to leadership.
Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security.
Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
Open source designs offer flexibility, yet they also create long-term dependency paths that may hide more risk than developers expect. Many companies now treat container security as the first real ...
In the current digital environment, supply chains are essential to national security, vital infrastructure and international trade. They have, however, also emerged as one of the most often used ...
In a recent commentary, I outlined five IT security trends that are top of mind for federal cybersecurity experts. That commentary captured the mood at the time—a landscape defined by data security ...
NEW YORK, NY / ACCESS Newswire / August 6, 2025 / Global trade depends on visibility. But many of the systems industries have long relied on (tags, labels, audits, spreadsheets) weren’t built for ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was created ...
Analyst Insight: Most organizations only address supply chain security when something breaks — a ransomware hit, a suspiciously similar product from a co-packer, or a geopolitical disruption that ...
Throughout the supply chain, artificial intelligence promises to transform how organizations plan, produce, move, stock, sell and deliver all types of products, from candy bars to car parts. There are ...
Effective homeland security is dependent on mission technologies—autonomous systems, sensors, identity management tools, and command-and-control platforms—that were peripheral, or nonexistent, just a ...