Medtronic Discloses Cyber Breach by ShinyHunters Gang

Medtronic recently reported a cyber breach by the ShinyHunters gang to federal authorities and the SEC, revealing that hackers had infiltrated its corporate IT system. Fortunately, the company has found no evidence that patient safety or electronic connections to customers were compromised.

https://osintsights.com/medtronic-discloses-cyber-breach-by-shinyhunters-gang?utm_source=mastodon&utm_medium=social

#Healthcare #Medtronic #Shinyhunters #CyberBreach #SoftwareSupplyChain

FedRAMP compliance in weeks, not months ⚡

Ready-to-deploy policy packs for instant compliance feedback 📋

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

Built on 30M+ download open source tools (Syft & Grype) 🔧

Community-proven, enterprise-hardened 💪

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

Cloudsmith Bolsters Software Supply-Chain Security with $72M Raise

Cloudsmith just secured $72 million to supercharge its artifact management platform and take software supply-chain security to the next level. With a strong artifact management layer in place, companies can enjoy the added benefit of a secure software supply chain.

https://osintsights.com/cloudsmith-bolsters-software-supply-chain-security-with-72m-raise?utm_source=mastodon&utm_medium=social

#SoftwareSupplyChain #ArtifactManagement #FundingRound #SeriesC #Cloudsmith

"Bring Your Own SBOM" sounds simple...

Until you try to manage thousands of them 📊

Scale is everything 📈

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

False positives killing your team's productivity? 😵‍💫

Anchore Secure gives you signal, not noise 📡

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Asfaload can now use your ed25519 #ssh keys to sign artifacts! No additional key to manage for Asfaload. https://github.com/asfaload/asfaload
#security #softwaresupplychain

The EU’s Cyber Resilience Act (CRA) is a “GDPR moment” for #SoftwareSecurity.

In this #InfoQ #podcast, Viktor Peterson explores how the CRA is reshaping expectations for software producers & supply chain compliance.

Key highlights:
✅ Why SBOMs are operational assets
✅ The danger of "weaponized code" in your security tools
✅ The shift toward vendor-neutral discovery

🎧 Listen now: https://bit.ly/429icwC

📄 #transcript included

#CyberSecurity #SBOM #SoftwareSupplyChain #Compliance

Recent software supply chain attacks - yowers!

In March, popular open source tools Trivy and Axios were compromised with malware, and we won't know the full blast radius for months.

Axios was breached by North Korean hackers who turned it into a malware delivery vehicle for about three hours after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate releases.

Trivy was hacked by a loosely knit band of hackers called TeamPCP, who injected credential-stealing malware.

"Attackers are starting to really look at the supply chain and open source packages, and figure out ways to compromise developers to deliver malware or gather data" ... https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/ #Hackers #Malware #Software #OpenSource #SoftwareSupplyChain #Trojan #CyberSecurity #Security #Trivy #Axios