Open-source security: It’s too easy to upload ‘devastating’ malicious packages, warns Google
Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package...
The Open Source Security Foundation (OpenSSF) has announced the initial prototype release of a new tool that’s capable of carrying out dynamic analysis of...
The Open Source Security Foundation (OpenSSF) has announced a new project whose goal is to help identify malicious packages in open source repositories. The...
Eight cybersecurity authorities from the Five Eyes nations have come together to release a joint cybersecurity advisory that more malicious cyber activity...
Two new security vulnerabilities have been disclosed in Rockwell Automation’s programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an...
A threat actor dubbed “RED-LILI” has been linked to an ongoing large-scale supply chain attack campaign targeting the NPM package repository by publishing nearly...
A “large scale” attack is targeting Microsoft Azure developers through malicious npm packages. On Wednesday, cybersecurity researchers from JFrog said that hundreds of malicious...
A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal...
Another batch of 25 malicious JavaScript libraries have made their way to the official NPM package registry with the goal of stealing Discord tokens...
Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could...