Supply Chain Risk Management Capabilities Center
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices.
A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers.
This represents a fundamental erosion of trust signals that Linux users previously relied upon when installing snap packages.
Active Directory is still how most organizations manage user identities, making it a frequent focus during attacks. What’s changed isn’t the target, but how much faster and more effective these attacks have become.
Generative AI has made password attacks cheaper and more efficient, turning what once required specialized skills and significant computing power into something almost anyone can do.
As federal agencies accelerate their zero trust strategies, identity, credential, and access management (ICAM) has become mission-critical. The Defense Department is taking a federated approach, enabling single identities to securely span multiple systems. But with every badge, credential, and privilege comes both opportunity and risk — and the stakes couldn’t be higher.
Datadog Security Research has uncovered a sophisticated supply chain attack targeting the npm ecosystem, involving 17 malicious packages across 23 releases designed to deliver the Vidar infostealer malware to Windows systems.
The campaign, attributed to a threat actor cluster tracked as MUT-4831, represents a significant escalation in npm-based threats and marks the first known public disclosure of Vidar malware being distributed through npm packages.
Power Device Corporation (PDC) a trusted leader in space electronics for over 25 years, proudly announces the launch of its latest innovation: the Osiris Computer Module. This high-performance Single Board Computer (SBC) integrates Microchip Technology’s cutting-edge PIC64-HPSC microprocessor (MPU), delivering up to 26,000 DMIPS and 1 TFLOPS of processing power in a compact, SWaP-optimized 3U SpaceVPX form factor.
Top cybersecurity experts share insights on how to outpace adversaries by using AI to your advantage.
Featuring perspectives from AWS, CrowdStrike, Palo Alto Networks, and Splunk, this e-book explores how agencies can harness AI’s potential while staying one step ahead of its risks.
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections.
An attacker could take advantage to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs.
Microsoft is currently investigating a significant bug affecting classic Outlook for Windows that prevents users from accessing their email accounts.
The issue manifests as a persistent error message stating “Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed.” According to Microsoft’s official documentation updated on September 26, 2025, this particular error can occur for various reasons, but recent support cases have primarily involved user mailboxes experiencing authentication failures.
What does secure collaboration really look like in action?
There’s always tension between using the newest technology and ensuring it’s secure. In our latest e-book, we explore how federal leaders are navigating this challenge across branches and agencies.
Maryland’s transit network experienced widespread disruption this week after a sophisticated cyberattack targeted critical information systems, forcing the Maryland Transit Administration (MTA) and the Department of Information Technology (DoIT) to scramble containment efforts.
While most core services remain operational, significant impacts to scheduling and real-time information have left thousands of commuters seeking alternative arrangements. DoIT security monitors detected unauthorized access to portions of MTA’s back-end systems.