PyTorch supply chain attack: Dependency confusion burns DevOps

A classic dependency confusion attack revealed itself last week.

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable software supply chain attacks.

The Week in Security: Okta says source code stolen. Also: SentinelSneak: PyPi moduel poses as security SDK

Welcome to the latest edition of The Week in Security, which brings you the latest headlines across the full stack of security: application security; cybersecurity; and beyond.

Expert panel: No ‘silver bullet’ for supply chain security

Experts and a top analyst discussed the state of software supply chain security in a recent Webinar. Here are key takeaways from their discussion.

The Week in Security: Software supply chain attack mines diamond industry, npm security boosted

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

New supply chain mandates: Uncle Sam wants you (to secure your software)!

Here are the key elements of Executive Order 14028, and software supply chain security guidance from the Enduring Security Framework working group.

Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security

The Week in Security: Docker Hub leaks secrets, Black Basta ransomware gangs up on retailer

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

GitHub repojacking attack: 10 lessons for software teams

Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.

The Week in Security: Disguised Russian software used in U.S. Army, CDC applications

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Forrester Security & Risk Forum: Go beyond the software bill of materials

The Forrester Security & Risk Forum tool place this week in Washington D.C. with a full agenda, tackling a range of issues, from the cyber implications of geopolitical disruptions to the privacy and security implications of the Metaverse.

Special report: End-to-end supply chain security demands dev and SOC teams shift left together

Security operations centers (SOCs) and developers need to share the responsibility for securing the software supply chain. Find out why in ReversingLabs' latest report.

National Cyber Director: Higher bar for software supply chain security is key to cyber resilience

Chris Inglis said the government is setting a new bar for supply chain security as the national cybersecurity focus shifts from incident response to cyber resilience.

Google pairs GUAC with SLSA to take a bite out of software supply chain insecurity

Google is putting its weight behind a project to offer a comprehensive view of your software. Enter GUAC: Graph for Understanding Artifact Composition.