Supply Chain – TheCyberThrone

Shai-Hulud 2.0: The Most Aggressive npm Supply Chain Attack

The cybersecurity world was shaken by the emergence of Shai-Hulud 2.0, a highly sophisticated self-replicating malware worm targeting the npm ecosystem. This worm not only compromises developer packages but also…

PravinKarthik November 27, 2025

Security Certifications

Leo and the Chain of Trust – Tale of TPRM at MSDCORP

Introduction – When Security Goes Beyond Your Walls At MSDCORP headquarters, the hum of the security operations center was constant. Screens flickered with dashboards, logs scrolled endlessly, and incident alerts…

PravinKarthik August 14, 2025

OpenSSF Malicious Packages Repository

Courtesy : OpenSSF The Open-Source Security Foundation (OpenSSF) has introduced a new initiative called the Malicious Packages Repository to fight against malicious code and is aimed at enhancing the security…

PravinKarthik October 19, 2023

GitLab Governence Enhancements

GitLab has announced numerous new security and compliance features and enhancements to its platform that are intended for securing software supply chain. The new capabilities include security policy management, compliance…

PravinKarthik October 29, 2022

NIST Publication on Supply Chain Risk Management

The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for addressing software supply-chain risk, offering tailored sets of suggested security controls for various stakeholders. Software supply-chain…

PravinKarthik May 6, 2022

Top CyberSecurity Trends that will drive 2022

Predicting the future is not possible , but based on the previous experiences one can be frame things quite a bit . Like Log4j , can suspect wildcard giant killers…

PravinKarthik January 3, 2022

BillQuick ZeroDay Deploys Ransomware

At least one hacking group is exploiting a security flaw in a popular billing software suite to gain initial access, take over servers, and then deploy ransomware inside companies’ networks.…

PravinKarthik October 25, 2021

Nobelium sights again

The Russian-based hacking group, called Nobelium, managed to compromise an email marketing account for USAID and has distributed phishing emails with attached malware to the targeted companies. Earlier last year…

PravinKarthik May 28, 2021