software supply chain
PyPI Malicious Package Uploads Used To Target Developers
Wajahat Raja | | Check Point, Checkmarx, countermeasures, Cyber Threats, Cybersecurity, Cybersecurity News, data theft, Developer Security, digital assets, Malicious package uploads, Malware, online security, package management, persistence, Phylum, PyPI, risk mitigation, software supply chain, Typosquatting, Windows operating system
In light of the recent cybercriminal activity, new user sign-ups on the PyPI platform were halted. Currently, an increase in PyPI malicious package uploads is being deemed the reason behind the suspension ...
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma
Ilkka Turunen | | Everything Open Source, FEATURED, malicious injection, News and Views, software supply chain
As sure as long weekends arrive in the western world, so too does news of new supply chain attacks. The Easter bank holidays were no exception, with the discovery of a targeted ...
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Richi Jennings | | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
How to safeguard your software supply chain
Software vulnerabilities can lead to catastrophic cyberattacks, so understanding the intricacies of your software supply chain has never been more critical ...
What are SBOM standards and formats?
The growing importance of software bills of materials (SBOMs) marks a significant shift towards better transparency and security in software management ...
Embracing the AI revolution: Navigating the impact on developers
Aaron Linskens | | Artificial Intelligence, dependencies, News and Views, Report/Survey/Whitepaper releases, software supply chain
In the wake of transformative advancements in generative artificial intelligence (AI) and machine learning (ML), the landscape of software development is undergoing a significant shift ...
What are the elements of an SBOM?
A software bill of materials (SBOM) is not just a list, but a detailed inventory that captures the components and dependencies contained within a piece of software ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
The curious case of ‘csrf-magic’: A case study in supply chain poisoning
Back in the day, Ivanti disclosed CVE-2021-44529, a critical "code injection" vulnerability in its EPM Cloud Services Appliance (CSA) product ...