January 11, 2023
In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.
January 11, 2023
Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.
January 4, 2023
The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.
January 4, 2023
Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks.
December 22, 2022
Okta is hit with another supply chain attack. Also, ReversingLabs discovered a malicious PyPI package posing as a SentinelOne SDK client.
December 19, 2022
A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
December 19, 2022
Experts and a top analyst discussed the state of software supply chain security in a recent Webinar. Here are key takeaways from their discussion.
December 8, 2022
This week: An APT group carried out a data wiping supply chain attack globally. Also: GitHub has introduced new security features for its npm repository.