DATE: April 15, 2025 at 06:00PM
SOURCE: BioWorld MedTech

Direct article link at end of text block below.

Impact of #tariffs on supplies of #semiconductor tough to calculate

https://t.co/LL9opMvzgj

#medtech #trade #SupplyChain

Here are any URLs found in the article text:

https://t.co/LL9opMvzgj

#medtech

Articles can be found by scrolling down the page at https://www.bioworld.com/topics/85-bioworld-medtech .

-------------------------------------------------

Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
.
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
.
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
.
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE:
http://subscribe-article-digests.clinicians-exchange.org
.
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
.
It's primitive... but it works... mostly...
.
-------------------------------------------------

Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware

Slow Pisces, a North Korean state-sponsored threat group, is targeting cryptocurrency developers through LinkedIn with malicious coding challenges. The group impersonates recruiters and sends malware disguised as project tasks, infecting systems with RN Loader and RN Stealer. Their campaign uses GitHub repositories containing adapted open-source projects in Python and JavaScript. The malware employs YAML deserialization and EJS rendering to execute arbitrary code from command-and-control servers. Slow Pisces has reportedly stolen over $1 billion from the cryptocurrency sector in 2023, using various methods including fake trading applications and supply chain compromises. The group's operational security is noteworthy, with payloads existing only in memory and deployed selectively.

Pulse ID: 67fd5a2e0a1353fab9d93ea5
Pulse Link: https://otx.alienvault.com/pulse/67fd5a2e0a1353fab9d93ea5
Pulse Author: AlienVault
Created: 2025-04-14 18:55:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

New supply chain attacks called "slopsquatting" in AI coding attempts to leverage AI models tendency to hallucinate non-existent package names.

Research indicates roughly 20% of the sampled Python and JavaScript code samples recommended packages didn't exist.

https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/ #slopsquatting #hallucinations #AI #coding #supplychain #python #javascript #cybersecurity

AI Hallucinations Create a New Software Supply Chain Threat – Source: www.securityweek.com https://ciso2ciso.com/ai-hallucinations-create-a-new-software-supply-chain-threat-source-www-securityweek-com/ #rssfeedpostgeneratorecho #SupplyChainSecurity #CyberSecurityNews #securityweekcom #securityweek #supplychain #FEATURED #genai #AI

Atomic and Exodus crypto wallets targeted in malicious npm campaign

A malicious npm package named pdf-to-office was discovered targeting cryptocurrency wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wallet. The campaign shows persistence, as removing the malicious package doesn't remove the injected code from the wallets. Multiple versions of both wallets were targeted, with the attackers adapting their code accordingly. This incident highlights the growing scope of software supply chain risks, particularly in the cryptocurrency industry, and emphasizes the need for improved monitoring of both source code repositories and locally deployed applications.

Pulse ID: 67fd41f7af4b02a0fd75fb69
Pulse Link: https://otx.alienvault.com/pulse/67fd41f7af4b02a0fd75fb69
Pulse Author: AlienVault
Created: 2025-04-14 17:12:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

AI Hallucinations Create a New Software Supply Chain Threat https://www.securityweek.com/ai-hallucinations-create-a-new-software-supply-chain-threat/ #SupplyChainSecurity #SupplyChain #Featured #GenAI #AI

AI Hallucinations Create a New Software Supply Chain Threat https://www.securityweek.com/ai-hallucinations-create-a-new-software-supply-chain-threat/ #SupplyChainSecurity #SupplyChain #Featured #GenAI #AI

Ha ha - "slopsquatting" sounds revolting. https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/ #ElReg #InfoSec #SupplyChain #LLM

Fast food sales slowdown forces major McDonald’s french fry supplier to cut jobs https://www.diningandcooking.com/2015880/fast-food-sales-slowdown-forces-major-mcdonalds-french-fry-supplier-to-cut-jobs/ #business #distro #FastFood #francais #france #French #FrenchMeals #imds #inflation #mcdonaldu2019s #meals #NewsUpdate #newsbreak #oovvuu #SmartNews #SupplyChain #U.S. #ve

Trump announces 20% fentanyl tariff on semiconductors and electronics, emphasizing review of entire supply chain and rejecting tariff exemptions announced earlier
#YonhapInfomax #TrumpTariffs #Semiconductors #FentanylTariff #SupplyChain #ElectronicsIndustry #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=58482

Dazi USA: smartphone e PC esenti! Sospiro tech
#Chip #Cina #CommercioEstero #DaziUSA #DonaldTrump #Economia #ElettronicaDiConsumo #Esenzioni #Geopolitica #Mercato #Notizie #PC #Semiconduttori #Smartphone #StatiUniti #SupplyChain #TechIndustry #TechNews #Tecnologia #USA

https://www.ceotech.it/dazi-usa-smartphone-e-pc-esenti-sospiro-tech/

Today I learned about the Tennessee-Tombigbee Waterway

https://en.wikipedia.org/wiki/Tennessee%E2%80%93Tombigbee_Waterway

AI Code Assistants: A Double-Edged Sword?

AI-powered coding tools are revolutionizing development workflows, but they come with hidden dangers:

Hallucinated Dependencies: AI suggests packages that don’t exist.
Slopsquatting Attacks: Malicious actors register these fake packages, leading to potential security breaches.
Automated Installation Risks: Some AI agents might auto-install these without developer awareness.
False Legitimacy: AI-generated summaries can falsely validate these malicious packages.

Stay Vigilant: Always double-check AI-generated code and dependencies. Trust, but verify.

#AI #CyberSecurity #DevSecOps #SupplyChain #SoftwareDevelopment
https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain

'Patients simply cannot survive': #Trump could wreck #SupplyChain for #heparin https://www.rawstory.com/tariff-2671754165/

How Data Analytics is Revolutionizing Supply Chain Optimization

Is your supply chain ready for the future?

Data analytics is becoming a game-changer in supply chain management—helping businesses forecast demand, reduce costs, and respond faster to market changes.

Discover how your supply chain can benefit from analytics!

#SupplyChain #DataAnalytics #BusinessIntelligence #Logistics #Optimization

[https://www.apsense.com/article/844786-data-analytics-and-its-role-in-supply-chain-optimization.html]

The Cyber Storm of 2025: Supply Chains, AI, and Global Tensions Collide
https://youtu.be/KmeAYAtl3P4 #cybersecurity #supplychain #AI #geopolitics #riskmangement #WEF

Space Forge sees LEO as key to strengthening US chip independence

https://fed.brid.gy/r/https://spacenews.com/space-forge-sees-leo-as-key-to-strengthening-us-chip-independence/