First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?
Read More about With Twitter code in the wild, DevSecOps doubts surface
Here's what you need to know about BuildKit and its Supply Chain Levels for Software Artifacts (SLSA) provenance capabilities for SBOMs.
Read More about Docker's BuildKit adds attestation: How it works and key limitations
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
Read More about The 3CX breach was targeted — but the plan was broader
Here's how robust threat hunting and malware analysis can enhance your triage process — and help you get a handle on software supply chain security.
Read More about Integrate threat hunting into SOC triage to mitigate software supply chain risk
The VOIP software company missed signs that its client had been tampered with before it pushed the update to customers.
Read More about Red flags flew over software supply chain-compromised 3CX update
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces
Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.
Read More about Do you trust AI to find app sec holes while you sleep?
Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.
Read More about How bulk pull requests help scale open source bug fixes
A Visual Studio Code Extensions Marketplace flaw highlights the risk potential. Here's how the VS Code IDE can proliferate to npm.
Read More about VS Code hack shows how supply chain attacks can extend to other software development tools
ReversingLabs YARA detection rule for NB65 can help you find this ransomware in your environment.
Read More about From the Labs: YARA Rule for Detecting NB65
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts
The vulnerabilities left the door open to malicious plug-in updates. Here's what you need to know.
Read More about Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague
Software secrets are in the crosshairs of malicious actors. Here are three key steps to mitigate risk — and best practices your team can take to prevent future breaches.
Read More about How to mitigate secrets risk — and prevent future breaches.webp&w=3840&q=75)
While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.
Read More about Application security practices are maturing — but it's a work in progress
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware