Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: typosquatting

How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe 

How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe 

| | CVE, Dependency Governance, log4j, Malicious Code Injection, open source security, Package Managers, SBoM, secure development, supply chain risk, typosquatting
Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface dominated by inhemalicious supply chain injections. High-profile incidents like Log4j and the sabotage ...
MongoDB Cycode azure

The Risk Profile of AI-Driven Development 

| | AI-generated code, AIBOM, autonomous development, autonomous security, challenge bottleneck, CI CD gating, cloud-native security, Dependency Management, GRC engineering, hallucinations, IDE controls, license compliance, machine speed enforcement, OpenSSF Gemara, Outdated Dependencies, policy based dependency selection, prompt level governance, review bottleneck, runtime transparency, SBoM, secure by default, shift left security, Software Supply Chain, threat modeling, transitive dependencies, trusted registries, typosquatting
Analysis arguing that AI-driven code generation accelerates dependency decisions and expands supply-chain risk, requiring shift-left governance, prompt-level controls, automated SBOM/AIBOM visibility, threat-modeling as engineering, and autonomous security to match autonomous development ...
talent SRE Tidelift DevOps software, developers, testers, friends

N. Korean Famous Chollima Hackers Use Malicious npm Packages to Steal Data

| | Contagious Interview, Famous Chollima, infostealer, linux, macOS, malicious npm packages, Microsoft Windows, Pastebin, remote access trojan (RAT), Socket, software developers, typosquatting
A group of more than two dozen malicious npm packages used to steal secrets and credentials from software developers has all the hallmarks – from infrastructure to operations – of Famous Chollima, ...
Bad Actor Targets Linux, macOS Developers with Typosquatted Go Packages

Bad Actor Targets Linux, macOS Developers with Typosquatted Go Packages

| | Cybersecurity, Go, software supply chain risks, typosquatting
The attacker published at least seven malicious packages on the Go Module Mirror that, if installed, will deliver a backdoor ...