Aqua Blog

Supply Chain Attacks

Software Supply Chain Security Threats: 2021 in Review

Software Supply Chain Attacks: 2021 in Review

As CI/CD pipelines have become an increasingly popular attack vector, 2021 saw a huge rise in software supply chain attacks. With their number more than tripling in the past year, securing the software delivery process is one of the most urgent needs. In our latest study, we examine the top supply chain security …

Continue reading ›
Securing the World’s Software Supply Chains: Why Argon Joined Aqua

Securing the World’s Software Supply Chains: Why Argon Joined Aqua

Last year, Argon set out on an exciting mission to solve one of the industry’s most urgent problems: secure the way companies build and release software. Today, we’re thrilled to hit another milestone on this journey as we join forces with Aqua Security, the well-known leader in cloud native security. This …

Continue reading ›
A Popular npm Library Compromised in a Supply Chain Attack: What to Do

A Popular npm Library Compromised in a Supply Chain Attack: What to Do

In late October, a supply chain attack affected a popular npm library, ua-parser-js, which put many companies at risk of compromise. In this blog, we will describe the attack and outline a few ways that organizations can mitigate similar threats. This is an example in a growing trend of cyberattacks that leverage the …

Continue reading ›
A Brief Guide to Supply Chain Security Best Practices

A Brief Guide to Supply Chain Security Best Practices

With the rise in attacks targeting the supply chain of cloud native applications, it’s important to understand how you can prepare for and stifle risks that enter your environments through third-party packages and tools. This post outlines the top software supply chain security best practices that should be included …

Continue reading ›
Supply Chain Attacks

Threat Alert: Supply Chain Attacks Using Container Images

Team Nautilus, Aqua Security’s threat research team, has uncovered several supply chain attacks that use malicious container images to compromise their victim. These five container images were found on Docker Hub, which we scan daily for signs of malicious activity. The images hijack organizations’ resources to mine …

Continue reading ›
supply chain attacks

Innovation in the Hands of Threat Actors: Analyzing Supply Chain Attacks

Hot on the heels of highly publicized attacks like those affecting Solarwinds and Codecov, organizations are taking a firm stance on software supply chain security. But in order to be effective at securing the slurry of artifacts that get incorporated into cloud native applications, we must first understand the enemy. …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...