How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Like the Ultralytics/Action Compromise

How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Like the Ultralytics Attack

Introduction

The rise of automation in software development has made CI/CD pipelines indispensable, with GitHub Actions standing out as a cornerstone for streamlining workflows. However, this reliance on automation introduces significant security risks, as demonstrated by the December 2024 supply chain […]
Ensuring Software Supply Chain Security with Blessed Open-Source Repositories

Why Blessed Open-Source Repositories Matter

In today’s rapidly evolving technological landscape, the importance of maintaining a secure and reliable software supply chain cannot be overstated. One critical aspect of this is the use of “blessed open-source repositories,” which serve as trusted sources for open-source components. These repositories are meticulously curated and approved by DevSecOps teams […]
Beyond Open-Source Vulnerability Tracking: Comprehensive Software Supply Chain Security with InvisiRisk

Beyond Open Source Vulnerability Tracking: Comprehensive Software Supply Chain Security with InvisiRisk

In today’s rapidly evolving digital landscape, securing the software supply chain has become more critical than ever. While tracking open-source software vulnerabilities is essential, it is just one piece of the puzzle. At InvisiRisk, we believe in a holistic approach to software supply […]
InvisiRisk Announces the Launch of its Software Supply Chain GRC Platform

InvisiRisk Launches GRC Platform for the Software Supply Chain

InvisiRisk, Inc. is thrilled to announce the launch of its innovative Governance, Risk, and Compliance (GRC) platform for the software supply chain. This groundbreaking solution is set to transform how organizations manage enterprise software risks for both developed and purchased products. Founded by David Pulaski, Mike […]
Could Standard Security Attestations, Powered by InvisiRisk, Have Shielded the NHS supplier from the £3m ICO Fine?

NHS IT Provider Hit with £3m ICO Fine: A Supply Chain Security Wake-Up Call

The recent ICO fine levied against an NHS IT provider, Advanced Computer Software Group Ltd (ACSGL), serves as a stark reminder of the critical importance of robust supply chain security. The root cause? A ransomware attack exploiting security vulnerabilities, specifically the […]
The Great NPM Heist – What Happened and How InvisiRisk Protects You

The Great NPM Heist: What Happened and How InvisiRisk Protects You

In early September 2025, attackers orchestrated a large-scale supply chain compromise on the NPM registry. They phished several popular package maintainers to gain publishing rights, then pushed malicious updates to over 18 widely used JavaScript libraries (including chalk, debug, ansi-regex, strip-ansi, wrap-ansi, color-convert, etc.). […]
Why the AWS CodeBreach Vulnerability Is a Reminder We Can’t Ignore

AWS CodeBreach Vulnerability: The High Cost of Unknown Risks in Your Build Pipeline

The AWS CodeBreach vulnerability, reported last week by Wiz Research, exposed a flaw in AWS CodeBuild that allowed unauthenticated attackers to infiltrate the build environment, leak privileged credentials, and potentially put every AWS account at risk. This serves as a stark reminder […]
Shai-Hulud NPM Worm Attack: Overview and InvisiRisk Protection

Shai-Hulud NPM Worm Attack: Overview and InvisiRisk Protection

A novel self-propagating malware strain dubbed the Shai-Hulud worm has recently infected hundreds of JavaScript (NPM) packages. Security researchers report that at least 187 NPM packages are known to have been compromised, and the damage caused by this threat is suspected of impacting more than 500 packages […]
Git’s Silent Takeover: How a Simple Clone Command Can Compromise Your Entire System

Git’s Silent Takeover: How a Simple Clone Command Can Compromise Your Entire System (CVE-2025-48384)

In the world of software development, Git is the undisputed foundation of version control, a tool so integral and trusted that its security is often taken for granted. However, a recently discovered high-severity vulnerability, CVE-2025-48384, shatters this perception. This flaw, which […]
InvisiRisk Unveils Groundbreaking Build Security AI Agent

InvisiRisk Launches Revolutionary Build Security AI Agent for Software Supply Chain Protection

InvisiRisk, Inc. is excited to announce the launch of its revolutionary Build Security AI Agent, designed to transform the security landscape of software supply chains. This innovative solution leverages advanced artificial intelligence to provide unparalleled protection for CI/CD pipelines, ensuring the integrity and […]