software supply chain security
XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation
The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data ...
Security Boulevard
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Cycode Risk Intelligence Graph (RIG) Now Built with AI Inside
Julie Peterson
Cycode is excited to announce the launch of new GenAI capabilities in our Risk Intelligence Graph (RIG). This brings the power of natural language query to the deep insights delivered by Cycode ...
Cycode Discovers a Supply Chain Vulnerability in Bazel
Executive Summary: The Cycode Research Team discovered a software supply chain vulnerability in one of Google’s open source flagship products, Bazel. We found that a GitHub Actions workflow could have been injected ...
CI/CD Pipeline Security: Best Practices Beyond Build and Deploy
CI/CD Pipeline Security: Given the demand for rapid innovation and the adoption of agile methodologies, Continuous Integration/Continuous Deployment (CI/CD) pipelines have become the foundation on which all DevOps processes are built. They ...
Software Supply Chain Security Deconstructed
Julie Peterson
In the last several years, software supply chain security has become a critical focus for organizations worldwide. While the SolarWinds software supply chain attack in 2020 and the Kaseya ransomware attacks in ...
Three Lessons from the Ledger Connect Kit Supply Chain Attack
Alex Ilgayev
On December 14, 2023, the crypto community held its breath as news of a critical compromise involving the Ledger Connect Kit, a vital software component connecting hardware wallets to dApps, hit the ...
Mastering SDLC Security: Best Practices, DevSecOps, and Threat Modeling
Julie Peterson
In the ever-evolving landscape of software development, it’s become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle (SDLC). Need proof? In the last three years alone, we’ve witnessed ...
Introducing the State of ASPM 2024 Report
Julie Peterson
Cycode is excited to announce the release of our State of ASPM 2024 report, the first ever report to analyze the state of application security and Application Security Posture Management (ASPM)... The ...