Octopus Scanner Compromises 26 OSS Projects on GitHub

Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...

What Developers Need to Know About WhatsApp’s Recent Security Dilemma

Last week, reports, like this one from Dark Reading, surfaced a remotely exploitable bug in Facebook’s popular WhatsApp chat app that was used to spy on users and specifically targeted human rights groups. Facebook ...

The Dot Zero Conundrum and the New Frontier of Securing Open Source

Over the past two years, I’ve spoken about more than instances of adversaries intentionally publishing malicious components into public open source and container repositories. Adversaries used these attacks to mine cryptocurrency, steal ...

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source - ...

Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream’s back, back again

Thought you cleaned up your malicious flatmap-stream code? Check again. You may have thought you'd read everything there was to read about flatmap-stream and as a result, fixed the offending component once ...

Nexus Intelligence Insights: CVE-2019-13354: ‘strong_password’ embedded malicious code, RubyGems

We typically don’t follow one monthly Nexus Intelligence Insights post on the heels of another, but July’s vulnerability is time sensitive so we didn’t want to delay getting the next edition out ...