Tag: software supply chain attacks
GitHub Action Compromise Risks Data Leaks for 23,000 Repositories
The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...
Typosquat Supply Chain Attack Targets Go Developers
A backdoor that impersonates a widely used database module in the popular Go programming language can give hackers control of infected systems, according to a senior threat intelligence analyst with developer-focused platform ...
More Than 3,000 ‘Ghost’ Accounts Spreading Malware on GitHub
GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
Richi Jennings | | Amit Zavery, azure, code repo, code repositories, code repository, GOOG, GOOGL, google, Google Cloud, IaaS, microsoft, Microsoft Azure, MSFT, NPM, npm registry, open source, public repository, Repos, repositories, repository, Repository Security, SEO, Software Supply Chain, software supply chain attacks, Software Supply Chain Security, Software Supply Chains, softwaresupplychain, source code repository, spam, supply chain, supply chain attacks, supply chain security, The Long ViewIn this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
Addressing Software Supply Chain Security
Tomislav Pericin | | DAST, SAST, SCA, Software Supply Chain, software supply chain attacks, Software Supply Chain SecurityIt’s essential for organizations to learn more about the software supply chains they rely on and the steps needed to secure them. In just the past few years, we have seen a ...
