
Build system hardening is the practice of securing the infrastructure, tools, and workflows involved in compiling, linking, and packaging software. It consists of implementing security controls that prevent unauthorized access, reduce the attack surface, and ensure the integrity of the software build process.
This process applies to CI/CD pipelines, build servers (e.g., Jenkins, GitLab, GitHub Actions), and associated systems that convert source code into deployable software.
Build systems are a prime target for attackers seeking to compromise software at its source. A successful attack can inject malicious code into trusted outputs, bypass security controls, and impact thousands of downstream users.
Hardening these systems:
Hardening involves implementing layered security controls across five key domains:
Practice | Focus Area | Key Difference |
---|---|---|
Secure Build Environments | Physical and infrastructure-level isolation | Hardening includes policies, IAM, integrity, and monitoring |
CI/CD Pipeline Security | Workflow and process protection | Build system hardening focuses specifically on build components |
Runtime Security | Protects deployed software | Build hardening prevents threats before deployment |
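
As an added illustration of the access and integrity controls described above (not code from the original page), this Python check audits a GitHub Actions workflow file for three common hardening gaps. The rule set, the `audit_workflow` name, the sample workflow, and the `example-org/build-tool` action are assumptions made for the example.

```python
import re

# Constructed sample workflow (not from the page); the pinned SHA is a dummy value.
SAMPLE_WORKFLOW = """\
name: build
on: [push, pull_request_target]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/build-tool@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-lint
      - run: make release
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
TRIGGER = re.compile(r"^(on:.*|\s*-?\s*)pull_request_target\b")

def audit_workflow(text):
    """Return (line_number, rule, detail) findings for one workflow file."""
    findings, has_permissions = [], False
    for n, line in enumerate(text.splitlines(), start=1):
        code = line.split(" #", 1)[0].rstrip()    # drop trailing comments
        m = USES.match(code)
        if m:
            ref = m.group(1).strip("'\"")
            if ref.startswith("./"):
                continue                           # action kept in this repository
            version = ref.partition("@")[2]
            # Tags and branches are mutable; a commit SHA or image digest is not.
            if not (FULL_SHA.match(version) or version.startswith("sha256:")):
                findings.append((n, "unpinned-action", ref))
        elif code.startswith("permissions:"):      # column 0 = workflow level
            has_permissions = True
            if "write-all" in code:
                findings.append((n, "write-all-permissions", code))
        elif TRIGGER.match(code):                  # runs with base-repo secrets
            findings.append((n, "pull-request-target-trigger", code))
    if not has_permissions:
        # Simplification: job-level permissions blocks are not considered.
        findings.append((0, "no-workflow-permissions", "GITHUB_TOKEN scope not restricted"))
    return findings

if __name__ == "__main__":
    for line_no, rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {rule}: {detail}")
```

The parser is line-based so it runs without a YAML library; a finding with line number 0 refers to the file as a whole.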