Supply Chain Security stories

FIRST conference in Scottsdale draws 500-plus as security leaders and AI firms debate vulnerability disclosure, CWE's role and CVE's future.

OpenAI expands Trusted Access for Cyber with Bank of America, BlackRock and others, backing defenders, researchers and open-source security teams.

GitLab 18.11 rolls out AI agents for security remediation, pipeline setup and delivery analytics, plus new spending caps on GitLab Credits.

Azul wins a bigger enterprise foothold as FY26 bookings leap, partners expand and a Thoma Bravo-backed deal and Payara buyout widen its Java push.

OpenSearch set out its first enterprise support framework as new long-term releases promise 18-month cover, faster CVE fixes and certified vendors.

GuidePoint says ransomware attacks stayed elevated in Q1 as The Gentlemen surged, construction became a top target and extortion-only tactics spread.

Manufacturing was the most targeted sector for ransomware in 2025, as Check Point counted 1,466 attacks worldwide amid rising supply chain exposure.

Capsule Security emerges from stealth with $7 million backing to police AI agents at runtime as enterprises widen their use.

OpenAI broadens Trusted Access for Cyber to verified defenders, giving vetted users GPT-5.4-Cyber for tougher security work and code analysis.

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.

Most companies lack confidence in cyber defences as a Sygnia survey finds major gaps in visibility, coordination and board-level readiness.

Ledger names Ian Rogers as Chief Human Agency Officer, putting hardware approval and human oversight at the centre of its AI security push.

KnowBe4 unveils Agent Risk Manager to monitor autonomous AI agents in real time, flag prompt injections and curb rogue data access.

GitLab deepens Google Cloud partnership so Duo Agent Platform users can tap Vertex AI models, while counting the spend against existing commitments.

Forrester warns Anthropic's Project Glasswing could overwhelm vulnerability management, as AI uncovers flaws faster than patching teams can respond.

Booking.com tells some customers to watch for phishing after suspicious activity exposed reservation details, contact data and messages linked to bookings.

Salt warns AI agents are widening the API security gap, with 92% of organisations still short of advanced defences and 47% delaying releases.

Cloudsmith survey finds most engineering teams still lack automated SBOM checks, leaving many unready for fast EU Cyber Resilience Act audits.

Yokogawa wins three cybersecurity approvals for control, safety and connectivity products as plant operators face tighter scrutiny over cyber risk.

Intruder expands cloud security platform with registry-level container image scanning for AWS, Google Cloud and Azure users.