
PyPI repo poisoned with "Colour-Blind" RAT
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts

Freelance technology writer. John's work has appeared in The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.