Cloudsmith Press Room

Press coverage

Tech Crunch: Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code. According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the first to flag the hack, the malware allowed the hackers to steal the users’ passwords and other sensitive credentials when they opened the compromised tools in their AI coding apps.

BBC: Deal moves software firm closer to $1bn 'unicorn' status

Cloudsmith, a Belfast software company, has received a £50m investment led by two US venture capital firms. It is the largest deal of this kind ever done by a Northern Ireland-based technology company and the investment will be used to increase hiring and accelerate software development. The company currently has 130 staff, mainly based in Belfast.

Silicon Angle: Software artifact management startup Cloudsmith raises $72M

Cloudsmith Inc., a startup that helps software teams manage application components, has secured $72 million in new funding. The Series C round was led by TCV, which was also the biggest backer of the company’s previous raise last year. Cloudsmith stated in its funding announcement today that the venture fund was joined by other existing investors and Insight Partners. The company’s total outside funding now exceeds $110 million.

Cloudsmith warns - most teams won't meet the EU Cyber Resilience Act's software supply chain deadline

Cloudsmith arrived at KubeCon with an interesting piece of survey data. Only one in four engineering teams automatically generates and verifies software bills of materials – SBOMs – at every build. For the remaining three-quarters, SBOMs exist, but they are generated manually, reactively, or only when an auditor asks. This came from a survey of 505 developers, engineers, and DevOps leads, published as the company's 2026 Artifact Management Report which was released in full last week.

Cloudsmith addresses weaponization of the software supply chain with advanced security capabilities

Cloudsmith announced the expansion of its advanced security capabilities, positioning its unified data and enforcement plane as the critical defense against the evolving software supply chain threat landscape. Cloudsmith provides a native control plane that moves security from reactive remediation to proactive protection. Instead of surfacing an undifferentiated stream of CVEs, Cloudsmith combines vulnerability, exploitability, and malware intelligence in a single enforcement layer.

Showing 1 to 10 of 20 results
Keep up to date with our monthly newsletter