software supply chain security

From The Hacker News – Have We Reached a Distroless Tipping Point?

There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation's potential. These use cases generate significant value, fueling demand for the next iteration of

shaikh Saqib April 4, 2025

News

From Security Week – Critical Apache Parquet Vulnerability Leads to Remote Code Execution

[[{"value":"A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise. The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution…

shaikh Saqib April 4, 2025

News

From Security Week – 39 Million Secrets Leaked on GitHub in 2024

[[{"value":"GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected. The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek."}]] Read…

shaikh Saqib April 3, 2025

News

From Security Week – 9-Year-Old NPM Crypto Package Hijacked for Information Theft

[[{"value":"Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers. The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared…

shaikh Saqib March 28, 2025

News

From The Hacker News – Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest

shaikh Saqib March 28, 2025

News

From Dark Reading – What CISA’s Red Team Disarray Means for US Cyber Defenses

DOGE is making wild moves at CISA, including bringing back fired probationary employees only to put them on paid leave, and reportedly gutting the agency's red teams. Read More

shaikh Saqib March 22, 2025

News

From Cyber Security News – Google Released Open Source Version of OSV-Scanner Tool for Vulnerability Scanning

Google has officially launched OSV-Scanner V2.0.0, a major upgrade to its open-source vulnerability scanning tool. Released on March 17, 2025, this new version represents a significant evolution in helping developers…

shaikh Saqib March 18, 2025

News

From Cyber Security News – 23,000 GitHub Repositories Targeted In Supply Chain Attack

In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date.…

shaikh Saqib March 18, 2025

News

From Security Week – Popular GitHub Action Targeted in Supply Chain Attack

[[{"value":"The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first…

shaikh Saqib March 17, 2025

News

From The Hacker News – Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages

shaikh Saqib March 15, 2025

News

From Dark Reading – Democratizing Security to Improve Security Posture

Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape. Read More

shaikh Saqib March 11, 2025

News

From The Hacker News – Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers

shaikh Saqib March 5, 2025

News

From Cyber Security News – OpenSSF Released Security Baseline for Linux Projects

The Open Source Security Foundation (OpenSSF) has launched the Open Source Project Security Baseline (OSPS Baseline), a tiered framework designed to standardize security practices for Linux and other open-source projects. …

shaikh Saqib February 27, 2025

News

From Security Week – OpenSSF Releases Security Baseline for Open Source Projects

[[{"value":"The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects. The post OpenSSF Releases Security Baseline for Open Source Projects appeared first…

shaikh Saqib February 26, 2025

News

From Cyber Security News – 200 Malicious GitHub Repos Attacking Developers to Deliver Malware

In an era where open-source collaboration drives software innovation, a sophisticated cyber campaign dubbed GitVenom has emerged as a critical threat to developers. Security researchers have uncovered over 200 malicious…

shaikh Saqib February 25, 2025