software supply chain

New GitHub Zero-Day Exposed Developer Tokens to Attackers

New GitHub Zero-Day Exposed Developer Tokens to Attackers

AndyC 5 June 2026

A single click on the wrong repository could have put a developer’s GitHub access at risk. Security researcher Ammar Askar...

Read More

Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience

Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience

AndyC 5 June 2026

The old success metrics no longer survive contact with reality. There is a particular kind of clarity that comes from...

Read More

Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft

Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft

AndyC 20 May 2026

Grafana has confirmed that an unauthorized party gained access to its GitHub environment after obtaining a compromised token, allowing the...

Read More

Why Developer Experience Is the Foundation of DevSecOps Success

Why Developer Experience Is the Foundation of DevSecOps Success

AndyC 30 April 2026

The post Why Developer Experience Is the Foundation of DevSecOps Success appeared first on 2024 Sonatype Blog. Application security is...

Read More

Why Software Supply Chain Security Requires a New Playbook

Why Software Supply Chain Security Requires a New Playbook

AndyC 16 April 2026

The post Why Software Supply Chain Security Requires a New Playbook appeared first on 2024 Sonatype Blog. Software is being...

Read More

Trust At Scale: The Commons, Threats, and AI in the Loop | Sonatype

Trust At Scale: The Commons, Threats, and AI in the Loop | Sonatype

AndyC 29 January 2026

Dependency management used to be a private embarrassment: an Ant script, a /lib folder, and classpath roulette. You could ship...

Read More

Lessons for life: Why children’s data is a long-term identity risk

Lessons for life: Why children’s data is a long-term identity risk

AndyC 8 June 2026

Kids Online Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe. Phil...

Read More

This month in security with Tony Anscombe – May 2026 edition

This month in security with Tony Anscombe – May 2026 edition

AndyC 2 June 2026

In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first...

Read More

ESET APT Activity Report Q4 2025–Q1 2026

ESET APT Activity Report Q4 2025–Q1 2026

AndyC 2 June 2026

ESET ResearchThreat Reports An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026 Jean-Ian...

Read More

What to consider before asking an AI chatbot for health advice

What to consider before asking an AI chatbot for health advice

AndyC 2 June 2026

Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay...

Read More

BTMOB: A stealthy RAT burrowing deep into Android devices

BTMOB: A stealthy RAT burrowing deep into Android devices

AndyC 27 May 2026

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise Daniel Cunha Barbosa 26 May 2026 • ,...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Vendor News

Sophos Workspace Protection update

AndyC 11 June 2026

Vendor News

Sophos Workspace Protection update

AndyC 11 June 2026

Vendor News

Sophos Workspace Protection update

AndyC 11 June 2026

Vendor News

Sophos Workspace Protection update

AndyC 11 June 2026

Vendor News

Sophos Workspace Protection update

AndyC 11 June 2026