Supply Chain Security – CyberSecurityBoard

Cyber News

GitHub to Disable npm Install Scripts by Default to Combat Supply Chain Attacks

GitHub has announced significant security changes for npm version 12, set to release next month, aimed at mitigating software supply chain attacks.…

CI/CD Code Execution CVE-2026-11645 developer security

June 25, 2026

Cyber Events

2026 Cybersecurity Stars Awards Recognize Excellence Across 95 Categories

The 2026 Cybersecurity Stars Awards winners have been announced, celebrating innovation, impact, and technical excellence in cybersecurity across 95 subcategories. The awards…

2026 Cybersecurity Awards AI Security CTEM Cybersecurity Stars Awards

June 25, 2026

Cyber Events

2026 Cybersecurity Stars Awards Winners Announced Across 95 Categories

The 2026 Cybersecurity Stars Awards winners have been announced across 95 subcategories, recognizing excellence in cybersecurity innovation, impact, and technical excellence. The…

2026 Cybersecurity Awards AI Security CTEM CVE-2026-11645

June 25, 2026

Cyber Companies

Sonatype: Software Supply Chain Security Company

Sonatype identified and tracked the Atomic Arch campaign as Sonatype-2026-003775. They provide tools for software supply chain security.

software composition analysis Sonatype Supply Chain Security

June 25, 2026

Cyber Companies

StepSecurity: Highlighted High-Value Target Nature of Mastra Ecosystem

StepSecurity, a security company focused on CI/CD and supply chain security, noted that Mastra packages are installed in environments with sensitive credentials,…

CI/CD credentials Mastra security company

June 25, 2026

Cyber Companies

Endor Labs: Security Firm Involved in Detecting Mastra npm Attack

Endor Labs was one of the security firms that discovered the Mastra npm package compromise. The company specializes in software supply chain…

Endor Labs Mastra npm security company

June 25, 2026

Malware

Malicious JetBrains Plugins Steal AI API Keys; Chrome Extensions Capture Chatbot Chats

Cybersecurity researchers have uncovered a coordinated malware campaign on the JetBrains Marketplace involving 15 malicious plugins that exfiltrate AI provider API keys.…

Adblock for Browser AI Security Aikido Security Anthropic

June 25, 2026

Cyber Companies

Aikido Security Discovers Malicious JetBrains Plugins Stealing AI API Keys

Aikido Security is a cybersecurity company that identified a coordinated malware campaign on the JetBrains Marketplace involving 15 malicious plugins that exfiltrate…

AI Security Aikido Security developer security JetBrains

June 25, 2026

Cyber Companies

JetBrains Marketplace Targeted by Malicious Plugin Campaign

JetBrains is a software development company whose marketplace was targeted by a campaign publishing 15 malicious plugins that steal AI API keys.…

developer security JetBrains malware Supply Chain Security

June 25, 2026

Cyber Products

CodeGPT AI Assistant JetBrains Plugin Steals AI API Keys

CodeGPT AI Assistant is a malicious JetBrains plugin with over 25,000 downloads that poses as an AI coding assistant but exfiltrates AI…

AI Security API Key Theft CodeGPT AI Assistant JetBrains

June 25, 2026