Tag: software supply chain attacks

GitHub Action Compromise Risks Data Leaks for 23,000 Repositories
The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...

Typosquat Supply Chain Attack Targets Go Developers
A backdoor that impersonates a widely used database module in the popular Go programming language can give hackers control of infected systems, according to a senior threat intelligence analyst with developer-focused platform ...

More Than 3,000 ‘Ghost’ Accounts Spreading Malware on GitHub
GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts ...

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...

Addressing Software Supply Chain Security
It’s essential for organizations to learn more about the software supply chains they rely on and the steps needed to secure them. In just the past few years, we have seen a ...