March 30, 2023
The VoIP software vendor missed signs that its client software had been tampered with before it pushed the update to customers.
March 28, 2023
Common flaws are duplicated all across the software supply chain. Here's how security researchers want to automate fixes.
March 27, 2023
The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.
March 23, 2023
This week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.
March 22, 2023
Here's how CorePlague works — and key takeaways from the vulnerabilities for your application security team.
March 21, 2023
Software secrets are targeted by malicious actors. Here are three key steps to mitigate risk — and best practices you can take to prevent future breaches.
March 20, 2023
Experts weigh in on a new OpenSSF SLSA framework survey — and the overall state of supply chain security practices.
March 15, 2023
GitHub is a weak link in the software supply chain. Finally, Microsoft is doing something about it — by forcing users into two-factor authentication (2FA).