The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.

The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.

The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not…

Researchers at numerous firms are sounding warnings about the supply-chain attack on an open-source project with 100 million weekly downloads.

Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims.

For 20 years, tech has moved fast and broken things. The result: a cybersecurity crisis built on rushed code and vulnerable software. It's time to replace speed-at-all-costs…

Details about the attack are scattered, and discrepancies remain about the number of companies impacted and the extent to which they are compromised.

Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours.

Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.

CEO Sandy Douglas said the food distributor is helping some customers maintain inventory with assistance from other wholesalers.