Supply Chain Security stories - Page 4

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

GitLab opens agentic AI to free-tier users, sets USD $0.25 flat fee for automated code reviews and expands security false-positive filtering.

Yubico and Delinea unite hardware keys with identity checks to ensure each high‑risk AI agent action is explicitly approved by a human.

Iceland-based Varist has launched a free malware scanner that rates suspicious files in seconds to counter fast-evolving AI-driven threats.

OPSWAT founder Benny Czarny urges a prevention-first cyber defence in his new book, arguing detection-led tools can no longer keep pace.

DigiCert reports record Q4 ARR in FY26 as DigiCert ONE platform growth, acquisitions and automation demand drive digital trust expansion.

SpecterOps broadens BloodHound Enterprise to map identity attack paths across Okta, GitHub and Jamf-managed Macs in hybrid environments.

Miggo and Grafana link runtime security to Grafana Cloud telemetry, promising major cuts to critical vulnerability noise for joint users.

Keysight debuts SBOM Manager to automate software bills of materials as EU and US cyber rules tighten transparency and compliance demands.

Chainguard launches a free Catalog Starter pack, giving developers five production-grade secure container images from its vast library.

Lineaje launches UnifAI, a security and governance layer to centralise control, discovery and policy for enterprise agentic AI deployments.

JFrog launches an MCP registry to centralise and secure AI coding agents, extending software supply chain controls to agent workflows.

TrendAI integrates its AI security platform with HPE Private Cloud AI to secure enterprise AI deployments from infrastructure to applications.

TrendAI and Nvidia link DSX Air with digital twin security tools so AI datacentre “factories” can be hardened before hardware is built.

TrendAI and Nvidia deepen collaboration to embed layered security and governance into OpenShell, protecting long-lived autonomous AI agents.

Secure Code Warrior launches SCW Trust Agent: AI, giving security teams commit-level visibility and control over AI-influenced code.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

Harness has launched AI Security and Secure AI Coding tools to spot and block vulnerabilities in AI-powered apps and AI-generated code.

1Password unveils Unified Access to secure AI agents and machine credentials, promising endpoint-to-agent visibility for security teams.

FIRST to host three cybersecurity conferences in 2026 as it predicts annual CVE disclosures will surpass 50,000 for the first time.