Tag: software supply chain attacks
IronWorm Malware Shares Shai-Hulud Traits, Takes Threat to ‘Next Level’
Open source software developers continue to come under attack, with the latest threat being a custom malware that shares many of the attributes of the notorious Shai-Hulud self-propagating worm but comes with ...
Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable
A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, ...
Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users
The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that appear as Strapi CMS plugins but deliver ...
Best of 2025: GitHub Action Compromise Risks Data Leaks for 23,000 Repositories
The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...
Three Encryption Resolutions for DevSecOps in 2026
As supply chain attacks surge and AI-powered threats grow, DevSecOps teams must strengthen CI/CD security. Learn why PKI, code signing, and certificate automation are critical in the year ahead ...
GitHub Action Compromise Risks Data Leaks for 23,000 Repositories
The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...
Typosquat Supply Chain Attack Targets Go Developers
A backdoor that impersonates a widely used database module in the popular Go programming language can give hackers control of infected systems, according to a senior threat intelligence analyst with developer-focused platform ...
More Than 3,000 ‘Ghost’ Accounts Spreading Malware on GitHub
GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts ...
npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust
In this week’s #TheLongView: The npm registry suffers spam infestation, and Microsoft makes Google sad ...
Addressing Software Supply Chain Security
It’s essential for organizations to learn more about the software supply chains they rely on and the steps needed to secure them. In just the past few years, we have seen a ...