Search results: typo-squatting

Python Security: Safeguarding our Code

Malicious Python security packages on PyPI and GitHub are the snake in the grass for security teams and developers. The Rise of Python Security Exploits: The Python Package Index (PyPI) and GitHub ...
Forrester Research: The State of Application Security 2023

CISO Roadmap
Get your complimentary copy of Forrester's 'The State of Application Security, 2023' ...
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

Executive Summary ReversingLabs researchers recently discovered more than a dozen malicious packages published to the npm open source repository that appear to target application end users while also supporting email phishing campaigns ...
Developers beware: Imposter HTTP libraries lurk on PyPI

While monitoring different malicious packages found in public software repositories, ReversingLabs researchers have noticed an increase of malicious HTTP libraries on the Python Package Index (PyPI) repository. Actually, we should air-quote “HTTP ...
2023 Predictions for Modern Application Security

Best Practices, CISO, Legit
Software dominates the world and remains a big and accessible attack surface. In 2022, an estimated $6B was invested in Application Security, with that number expected to reach $7.5B in 2023. Within AppSec, software supply chain ...
typosquatting guide

What is Typosquatting? Learn how to defend against it.

Typosquatting is a form of cybersquatting or domain squatting in which the typo-squatter will register malicious website domain names that are typos or misspellings of popular websites. The post What is Typosquatting? ...
The Promise of Open Source Code and the Paradox of ‘ProtestWare’

The Open Source Software (OSS) community has been split in two after an OSS author repurposed his own library to protest the Ukrainian-Russian war. On March 7, RIAEvangelist released several versions of ...