Supply Chain Security stories

Zscaler joins Anthropic's Project Glasswing to test Claude Mythos Preview in software scans, as the firm pushes zero trust against AI-driven attacks.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

CIS, Astrix and Cequence publish AI security guides for large language models, autonomous agents and MCP environments.

SUSE and NVIDIA unveil an enterprise AI stack aimed at regulated sectors, offering on-premise control, governance and sovereignty for production use.

Chainguard and Cursor strike partnership to embed verified open source dependencies into AI coding, aiming to curb supply chain risks at machine speed.

Tenable warns a GitHub Actions bug in Microsoft's Windows-driver-samples repo could let attackers run code and steal secrets via public issues.

BlackBerry survey finds government and infrastructure security chiefs relying on WhatsApp for sensitive talks despite major misunderstandings over encryption.

AI models that can hunt and chain software flaws are forcing boards to rethink cyber defences, while scrutiny grows over Anthropic's MCP design risks.

LangWatch releases open-source AI red-teaming framework to expose hidden vulnerabilities in production agents through multi-turn attack simulations.

Proofpoint says a cargo theft gang spent weeks inside a decoy network, probing banking, fleet payment and load board systems for fraud.

Sysdig says companies are increasingly leaning on automated defence as AI-driven attacks accelerate, with machine identities now dominating cloud access.

Anthropic's Mythos spots corporate network attacks in hours, while security experts warn unmanaged AI agents are becoming a critical enterprise risk.

FIRST conference in Scottsdale draws 500-plus as security leaders and AI firms debate vulnerability disclosure, CWE's role and CVE's future.

OpenAI expands Trusted Access for Cyber with Bank of America, BlackRock and others, backing defenders, researchers and open-source security teams.

ESET survey finds North American SMBs increasingly buying cyber cover, with insurers shaping controls and managed detection services after repeated breaches.

GitLab 18.11 rolls out AI agents for security remediation, pipeline setup and delivery analytics, plus new spending caps on GitLab Credits.

Azul wins a bigger enterprise foothold as FY26 bookings leap, partners expand and a Thoma Bravo-backed deal and Payara buyout widen its Java push.

OpenSearch set out its first enterprise support framework as new long-term releases promise 18-month cover, faster CVE fixes and certified vendors.

GuidePoint says ransomware attacks stayed elevated in Q1 as The Gentlemen surged, construction became a top target and extortion-only tactics spread.

Manufacturing was the most targeted sector for ransomware in 2025, as Check Point counted 1,466 attacks worldwide amid rising supply chain exposure.