Supply Chain Risk Management Capabilities Center
Active Directory is still how most organizations manage user identities, making it a frequent focus during attacks. What’s changed isn’t the target, but how much faster and more effective these attacks have become.
Generative AI has made password attacks cheaper and more efficient, turning what once required specialized skills and significant computing power into something almost anyone can do.
As federal agencies accelerate their zero trust strategies, identity, credential, and access management (ICAM) has become mission-critical. The Defense Department is taking a federated approach, enabling single identities to securely span multiple systems. But with every badge, credential, and privilege comes both opportunity and risk — and the stakes couldn’t be higher.
Datadog Security Research has uncovered a sophisticated supply chain attack targeting the npm ecosystem, involving 17 malicious packages across 23 releases designed to deliver the Vidar infostealer malware to Windows systems.
The campaign, attributed to a threat actor cluster tracked as MUT-4831, represents a significant escalation in npm-based threats and marks the first known public disclosure of Vidar malware being distributed through npm packages.
Power Device Corporation (PDC) a trusted leader in space electronics for over 25 years, proudly announces the launch of its latest innovation: the Osiris Computer Module. This high-performance Single Board Computer (SBC) integrates Microchip Technology’s cutting-edge PIC64-HPSC microprocessor (MPU), delivering up to 26,000 DMIPS and 1 TFLOPS of processing power in a compact, SWaP-optimized 3U SpaceVPX form factor.
Top cybersecurity experts share insights on how to outpace adversaries by using AI to your advantage.
Featuring perspectives from AWS, CrowdStrike, Palo Alto Networks, and Splunk, this e-book explores how agencies can harness AI’s potential while staying one step ahead of its risks.
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections.
An attacker could take advantage to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs.
Microsoft is currently investigating a significant bug affecting classic Outlook for Windows that prevents users from accessing their email accounts.
The issue manifests as a persistent error message stating “Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed.” According to Microsoft’s official documentation updated on September 26, 2025, this particular error can occur for various reasons, but recent support cases have primarily involved user mailboxes experiencing authentication failures.
What does secure collaboration really look like in action?
There’s always tension between using the newest technology and ensuring it’s secure. In our latest e-book, we explore how federal leaders are navigating this challenge across branches and agencies.
Maryland’s transit network experienced widespread disruption this week after a sophisticated cyberattack targeted critical information systems, forcing the Maryland Transit Administration (MTA) and the Department of Information Technology (DoIT) to scramble containment efforts.
While most core services remain operational, significant impacts to scheduling and real-time information have left thousands of commuters seeking alternative arrangements. DoIT security monitors detected unauthorized access to portions of MTA’s back-end systems.
An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university’s network in May.
The breach was discovered and reported to law enforcement authorities following an outage that affected some of its systems on June 24, following an investigation with support from external cybersecurity experts.