A previously unidentified APT hacking group named ‘Carderbee’ was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets’...
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. The move has generated a fair amount of pushback among developers who worry...
Amazon Web Services (AWS) has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection...
The software supply chain encompasses the entire lifecycle of a software product, from its conception and development to its distribution and deployment. It involves a complex...
In this Help Net Security video, Marc Gaffan, CEO at IONIX, discusses how businesses’ biggest cybersecurity mistake is not protecting the full external attack surface that continues...
A new Lazarus campaign considered part of “Operation DreamJob” has been discovered targeting Linux users with malware for the first time. This new targeting was discovered...
No agency has yet required them in any major way. We first heard about the term SBOM, or software bill of materials, back in May of...
PyTorch has identified a malicious dependency with the same name as the framework’s ‘torchtriton’ library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are...
Discussion of potential changes centered on a need for software transparency and independent supply-chain assessments. Regulators are exploring how to update critical infrastructure protection—or CIP—standards in...
The Iranian Agrius APT hacking group is using a new ‘Fantasy’ data wiper in supply-chain attacks impacting organizations in Israel, Hong Kong, and South Africa. The...