Software-producing organizations are under increasing obligation to secure their supply chains amid rising attacks. Per Gartner, nearly half of enterprise firms will have experienced a software supply chain attack by 2025. The main challenge is the complex process of developing modern applications, including open source dependencies and global development teams. This piece suggests solutions such as considering all aspects of the supply chain when designing security measures, using SBOMs for remediation, implementing strict policies, and using the SLSA framework to verify software reliability.

Counterfeit Android phones are hiding pre-installed malware that can infect every system process
Kaspersky researchers have identified a new strain of the Triada Trojan, pre-installed on counterfeit Android devices. The malware, first identified in 2016, can steal personal