As “avoid vendor lock-in” eclipses “do more with less,” open source offers freedom to tailor mission-specific solutions and cherry-pick right-sized applications. It’s mid-2021, and in federal...
The Ethereum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability, tracked as CVE-2021-39137, impacts “Geth,” the official Golang implementation of the Ethereum protocol. Such...
The commonly used “net” library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how net treats IP addresses as...
Checkmarx, an Israeli provider of static application security testing (AST), has acquired open-source supply chain security startup Dustico for an undisclosed sum. Founded in 2020, Dustico provides a...
Old-fashioned data theft is still the main reason adversaries are targeting a popular open-source application management system. U.S. cybersecurity agencies are following up on a...
The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users’ credit card numbers, Discord tokens, and granting code execution capabilities...
The agency is looking for support services to help manage the .gov registry as it takes control of the top-level domain from GSA. The government’s central...
Microsoft has once again been successfully hit by a dependency hijacking attack. Previously, as first reported by BleepingComputer, a researcher had ethically hacked over 35 major tech...
GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python developers who...