The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
The Federal Bureau of Investigation (FBI) has issued a FLASH on the cybercriminal group TeamPCP, which has carried out large-scale software supply chain compromises by targeting widely used developers ...
Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was created ...
As software supply chains grow increasingly interconnected, security threats continue to evolve. While common risks like third-party vulnerabilities and dependency issues are well-known, less-common ...
When AI-assisted vulnerability discovery makes it dramatically easier to identify weaknesses hidden inside modern dependency ...
Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
Over the past several years, software supply chain security and maintenance have become a cornerstone of national security. From George W. Bush to Joe Biden, each presidency has faced its ...
It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions ...
In the beginning, we identified two major types of software supply chain attacks and nine minor types. The world keeps insisting on a broader definition. In the spring of 2020, it really mattered to ...