Hot Topics

software supply chain

PyPI Malicious Package Uploads Used To Target Developers

| | Check Point, Checkmarx, countermeasures, Cyber Threats, Cybersecurity, Cybersecurity News, data theft, Developer Security, digital assets, Malicious package uploads, Malware, online security, package management, persistence, Phylum, PyPI, risk mitigation, software supply chain, Typosquatting, Windows operating system
In light of the recent cybercriminal activity, new user sign-ups on the PyPI platform were halted. Currently, an increase in PyPI malicious package uploads is being deemed the reason behind the suspension ...
TuxCare
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma

| | Everything Open Source, FEATURED, malicious injection, News and Views, software supply chain
As sure as long weekends arrive in the western world, so too does news of new supply chain attacks. The easter bank holidays were no exception, with the discovery of a targeted ...
Sonatype Blog
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

| | Everything Open Source, FEATURED, malicious injection, News and Views, software supply chain
As sure as long weekends arrive in the western world, so too does news of new supply chain attacks. The easter bank holidays were no exception, with the discovery of a targeted ...
Sonatype Blog
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
How to safeguard your software supply chain

How to safeguard your software supply chain

| | Events and Webinars, SBOM, software supply chain
Software vulnerabilities can lead to catastrophic cyberattacks, so understanding the intricacies of your software supply chain has never been more critical ...
Sonatype Blog
What are SBOM standards and formats?

What are SBOM standards and formats?

| | News and Views, SBOM, software bill of materials, software supply chain
The growing importance of software bills of materials (SBOMs) marks a significant shift towards better transparency and security in software management ...
Sonatype Blog
Embracing the AI revolution: Navigating the impact on developers

Embracing the AI revolution: Navigating the impact on developers

| | Artificial Intelligence, dependencies, News and Views, Report/Survey/Whitepaper releases, software supply chain
In the wake of transformative advancements in generative artificial intelligence (AI) and machine learning (ML), the landscape of software development is undergoing a significant shift ...
Sonatype Blog
What are the elements of an SBOM?

What are the elements of an SBOM?

| | dependencies, SBOM, software bill of materials, software supply chain
A software bill of materials (SBOM) is not just a list, but a detailed inventory that captures the components and dependencies contained within a piece of software ...
Sonatype Blog
A fork, wrapped in delicious pasta

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

| | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
The curious case of 'csrf-magic': A case study in supply chain poisoning

The curious case of ‘csrf-magic’: A case study in supply chain poisoning

| | DevZone, software supply chain, Sonatype Repository Firewall, vulnerability
Back in the day, Ivanti disclosed CVE-2021-44529, a critical "code injection" vulnerability in its EPM Cloud Services Appliance (CSA) product ...
Sonatype Blog
Load more