After hack, CircleCI tells devs to update secrets now
In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.
After hack, CircleCI tells devs to update secrets now
Shift the SOC left: Why you should integrate DevOps with SecOps
The collaboration between SOCs and software development teams is essential to taking on the challenge of software supply chain attacks. Here's why.
How to harden machine learning models against adversarial attacks
As attacks become more sophisticated, it is imperative to harden machine learning (ML) models and reduce the adversary’s ability to evade detection.
The Week in Security: Ransomware attacks close out 2022 with a bang, PyTorch compromise explored
Welcome to 2023’s first edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
.webp&w=3840&q=75)
PyTorch supply chain attack: Dependency confusion burns DevOps
A classic dependency confusion attack revealed itself last week.
10 software supply chain attacks you can learn from
Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable software supply chain attacks.
The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK
Welcome to the latest edition of The Week in Security, which brings you the latest headlines across the full stack of security: application security; cybersecurity; and beyond.
DraftKings fantasy? How YOU can prevent credential stuffing attacks
...
SentinelSneak: Malicious PyPI module poses as security software development kit
A malicious Python file found on the PyPI repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
Expert panel: No ‘silver bullet’ for supply chain security
Experts and a top analyst discussed the state of software supply chain security in a recent Webinar. Here are key takeaways from their discussion.
Ahoy! More insecure code washes ashore with AlphaCode
Alphabet’s DeepMind brings us AlphaCode — another AI code-generating parlor trick. And, just like its large language model cousins, it can spit out buggy code.
The Week in Security: Software supply chain attack mines diamond industry, npm security boosted
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
ChatGPT: Parlor trick or Stack Overflow replacement?
Conversational AI language model ChatGPT can write code. But is it any good?
New supply chain mandates: Uncle Sam wants you (to secure your software)!
Here are the key elements of Executive Order 14028, and software supply chain security guidance from the Enduring Security Framework working group.