PyPI repo poisoned with "Colour-Blind" RAT
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts
PyPI repo poisoned with "Colour-Blind" RAT
The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Why software transparency is critical
Understanding supply chain security is critical in a software-driven society. Here's an overview of our upcoming book.
App sec is addicted to vulnerability reporting: Why supply chain security requires evolution
Teams are mired in CVEs, the NVD (which is fed by CVE data), and the CVSS. Experts explain why it's time to modernize.
White House cyber strategy: A love/hate story
In a first, the Biden administration will hold software developers accountable for vulnerabilities. Naturally, it’s dividing opinions
The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
LastPass revelations: BIG lessons for DevSecOps teams
Why was an engineer allowed to access critical keys from a home computer? "DevOops."
3 reasons to upgrade your AppSec testing to tackle supply chain security
Modern software development is a primary target for supply chain attacks. Here's why traditional application security testing alone is not up to the job.
SBOM Automation: The next big step in risk management
SBOM automation is no longer just a nice-to-have — it's an absolute necessity.
Lessons learned from the CircleCI secrets breach
The CircleCI breach reveals a bigger story on secrets. Matt Rose and Chris Wilder discuss lessons learned in this webinar
How C-SCRM could fill the gaps on supply chain security
The new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security
Why devs and repos spill secrets
The Circle CI breach and other recent hacks expose why the secrets problem is so prolific. Here's what you need to know.
The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Developers beware: Imposter HTTP libraries lurk on PyPI
ReversingLabs researchers discovered dozens of malicious packages on Python Package Index that mimic popular libraries
Core-JS: Beware hidden dependencies from indebted Russian developers
This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE