Software-producing organizations are under increasing obligation to secure their supply chains amid rising attacks. Per Gartner, nearly half of enterprise firms will have experienced a software supply chain attack by 2025. The main challenge is the complex process of developing modern applications, including open source dependencies and global development teams. This piece suggests solutions such as considering all aspects of the supply chain when designing security measures, using SBOMs for remediation, implementing strict policies, and using the SLSA framework to verify software reliability.
Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware
Security researchers have found a critical vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances, exploited by suspected Chinese group UNC5221 since mid-March 2025. This buffer
