
Move over, npm: Now VS Code extensions can’t be trusted
It’s super easy to spoof Visual Studio Code extensions. And those spoofed extensions are incredibly hard to detect.

AI unleashed: Are you prepared for next-gen software supply chain attacks?
ChatGPT and Copilot are a clear and present danger to software security. Modernize your AppSec approach today.

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Why you should get out in front of software security requirements
Get out in front of new compliance requirements for a competitive advantage. Here's what your software organization needs to know.

The CircleCI secrets hack: A red flag on software supply chain risk
Security teams should consider software supply chain risk through a new lens after the latest CircleCI incident.

App sec and the supply chain: Work in tandem with engineers to achieve true software security
Application security is foundational to the software supply chain security ecosystem. But it takes a village. Derek Fisher explains in this fireside chat with Matt Rose.

If you don't love me now: JsonWebToken could break the software supply chain (again)
The JsonWebToken library has a flaw that could have led to remote code execution (RCE).

Danger: Researchers exploit gaps in connected vehicle software supply chain
Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.

After hack, CircleCI tells devs to update secrets now
In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.

PyTorch supply chain attack: Dependency confusion burns DevOps
A classic dependency confusion attack revealed itself last week.

10 software supply chain attacks you can learn from
Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable software supply chain attacks.

The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi module poses as security SDK
Welcome to the latest edition of The Week in Security, which brings you the latest headlines across the full stack of security: application security, cybersecurity, and beyond.

Expert panel: No ‘silver bullet’ for supply chain security
Experts and a top analyst discussed the state of software supply chain security in a recent webinar. Here are key takeaways from their discussion.

The Week in Security: Software supply chain attack mines diamond industry, npm security boosted
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

New supply chain mandates: Uncle Sam wants you (to secure your software)!
Here are the key elements of Executive Order 14028, and software supply chain security guidance from the Enduring Security Framework working group.