A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Heidi Barnard, head of sustainability at NHS Supply Chain, will be sharing how the NHS is working to reduce its Scope 3 emissions through technology, contracts and collaboration at the Sustainable ...

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...

According to Google DeepMind, the launch of Gemma Scope 2 introduces a comprehensive suite of AI interpretability tools specifically designed for their Gemma 3 open model family. These tools enable ...

Today at Black Hat Europe, I raised our commitment to customer security through our partnerships with the security research community. In an AI and cloud-first world, threat actors don’t limit ...

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...

Swiss telecommunications company Swisscom has replaced multiple spreadsheets with a single carbon management platform to track emissions across its supply chain. The system aggregates data from over 3 ...

Scope 3 emissions are a challenge due to the lack of supplier data availability. Transportation, one of the largest Scope 3 categories, is both a barrier and an area that presents opportunities. The ...

As companies face mounting pressure on two fronts: physical risks driven by the direct impacts of a changing climate, and transition risks arising from shifts in policy, markets, and technology as the ...

Software supply chain security provider Chainguard has unveiled Chainguard Libraries for JavaScript, described as a collection of trusted builds of thousands of common malware-resistant JavaScript ...

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology officer, Charles Guillemet, who advised users without hardware wallets to ...

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...