Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.
Read More about Why knowing the "ground truth" is key to software security
Aabquerys is a malicious npm package discovered typosquatting on a legitimate module that downloads malicious components
Read More about Open-source repository malware sows Havoc
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce
Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication
Read More about Leaky app gives researcher 'total, global control' over the Toyota supplier network
Supply chain risk management guidance incoming, like it or not
Read More about C-SCRM: We’re from the government — and we’re here to help with software supply chain security
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine
Here's how risks emerge with third-party software, and why third-party partners are best for validating software security end-to-end
Read More about Leverage third-party software validation to bolster your supply chain security
Firing ‘the best of the best’ does not bode well for software security. Will the last to leave please turn off the lights?
Read More about Google’s Open Source Team Layoffs A Security Risks
Software Bills of Materials could become Software Bills of Mediocrity. But not if we can agree on their real value for software supply chain security.
Read More about Go beyond Software Bills of Mediocrity
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments
The Log4Shell vulnerability is considered to be one of the most significant software bugs in recent years, because of its severity, pervasiveness and long-lasting impact on organizations.
Read More about Lessons from Log4Shell: 4 key takeaways for DevSecOps teams
It’s super easy to spoof Visual Studio Code extensions. And those spoofed extensions are incredibly hard to detect.
Read More about Move over, npm: Now VS Code extensions can’t be trusted
ChatGPT and Copilot are a clear and present danger to software security. Modernize your AppSec approach today
Read More about AI unleashed: Are you repared for next-gen software supply chain attacks?
ReversingLabs’ YARA detection rule for Black Basta can help you find this ransomware in your environment.
Read More about From the Labs: YARA Rule for Detecting Black Basta
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet