The popular polyfill.io JavaScript library has been used to inject malicious code into thousands of sites in the last few days.
A new report revealed discrepancies in how CISOs and developers view their roles and responsibilities around software supply chain security.
The North Korean threat actor is leveraging the supply-chain attack to target MacOS keychains and reconnaissance data.
At the RSA Conference this week, government officials and cybersecurity executives mulled over the multiple layers of challenges in securing the software supply chain.
An intrusion at a separate company led to the supply chain attack on 3CX that was disclosed last month, investigators said.