Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

AI startup was blacklisted after refusing to allow its technology to be used for autonomous weapons or domestic surveillance ...

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

When Canada’s prudential regulator, OFSI, released Guideline B 15 on climate risk, much of the industry conversation centred on governance, disclosure templates and model risk. But behind the ...

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...

SCOPE Recruiting, a premier firm of supply chain recruiters focused on manufacturing and logistics, has launched The Scope Partnership Blueprint, a process-driven hiring framework that is designed to ...

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, ...

1. On December 22, 2025, the Secretary of Commerce (Secretary) transmitted to me a report on his investigation into the effects of imports of semiconductors (semiconductors or chips), semiconductor ...

Technomic’s annual America’s Favorite Chains report featured three coffee chains this year for the very first time, with two of those making their debuts on the list. It’s a trend that isn’t all that ...