supply chain security
Cybersecurity & Risk
AI-Generated Code Security: 45% Vulnerability Rate and the CISO Response
⚡ Key Takeaways Veracode’s 2025 analysis found 45% of AI-generated code contains security vulnerabilities — 2.7x the density of human-written...
Cybersecurity & Risk
TanStack Attack: How SLSA Provenance Was Weaponised Against the CI/CD Trust Chain
⚡ Key Takeaways May 11, 2026: TeamPCP stole GitHub Actions OIDC tokens via cache poisoning, publishing 84 malicious @tanstack npm...
Cybersecurity & Risk
The £300 Million Breach: M&S and Co-op’s Cyber Collapse Rewrites the Cost of Unpreparedness
⚡ Key Takeaways M&S lost £324M in sales — profits fell 55% after April 2025 ransomware attack Bottom Line: Read...
Cybersecurity & Risk
SaaS Single Points of Failure: How One Vendor Breach Hits Thousands of Clients
⚡ Key Takeaways Canvas exposed 275 million records across 8,809 institutions via a single compromised integration. Snowflake exposed 165 organizations...
Cybersecurity & Risk
CRINK Cyber Siege: How China, Russia, Iran, and North Korea Target Defense Contractors
⚡ Key Takeaways CRINK actors (China, Russia, Iran, North Korea) have converged on the defense industrial base with AI-assisted exploit...
Cybersecurity & Risk
Canvas Breach: 275 Million Records and What Every SaaS Buyer Must Fix Now
⚡ Key Takeaways ShinyHunters breached Canvas LMS in late April 2026, exfiltrating 3.65TB of data — 275 million records from...
Cybersecurity & Risk
Algeria SaaS Vendor Risk: A Third-Party Cyber Assessment Framework for Local Enterprises
⚡ Key Takeaways Algeria recorded over 70 million cyberattacks in 2024 — 13 million phishing attempts alone — while rapidly...
Cybersecurity & Risk
Dependency Security for Algerian Developers: Lessons from the Axios npm Compromise
⚡ Key Takeaways In March 2026, attackers attributed to North Korean group UNC1069 backdoored Axios — JavaScript’s most downloaded npm...
Cybersecurity & Risk
React2Shell at Scale: 766 Next.js Servers Breached in Credential Harvest
Cisco Talos exposes UAT-10608's mass exploitation of CVE-2025-55182, harvesting AWS keys, Stripe secrets, and AI tokens from 766 hosts using NEXUS Listener.
Cybersecurity & Risk
FortiClient EMS Zero-Day: When Endpoint Security Becomes the Attack Surface
⚡ Key Takeaways Fortinet’s FortiClient EMS suffered a critical zero-day (CVE-2026-35616, CVSS 9.1) that was actively exploited before patches existed,...
Cybersecurity & Risk
RoguePilot: How Hidden Instructions in GitHub Issues Let Attackers Hijack Repositories
Orca Security discovered RoguePilot, a passive prompt injection that let hidden GitHub Issue instructions hijack Copilot to leak tokens and take over repositories.
