North Korean attackers pose as recruiters for financial firms to lure developers into executing trojanized Python projects on their machines as part of fake job interviews.
Lazarus Group has been observed continuing its VMConnect campaign by targeting developers with new malicious software packages on open source repositories, according to ReversingLabs.
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.
Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.
Your organization runs on commercial software far more than it does open source.
To detect all kinds of software supply chain attacks, software-producing and consuming organizations need to have access to a collection of mature malware intelligence, in addition to complex binary analysis and reproducible builds.
President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward.
GenAI is very much in the mix as a potent X-factor in cybersecurity.
Supply chain security is rapidly emerging as a material risk for enterprise software buyers.
Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."
Nearly 60 new malicious packages have been uploaded to the NuGet package manager to deploy the SeroXen RAT in a supply chain attack that has been underway since last August, The Hacker News reports.
Tomislav Pericin, chief software architect for ReversingLabs, explains how a website the company set up, which keeps track of how secure open source software packages are, will improve application security.
An SC Media analysis of current challenges, threats and solutions — that of course include AI — paints a hopeful but challenging picture for the state of AppSec.
Malware-laced libraries add a new dimension to defending the software supply chain.