Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy...
The guide provides recommendations throughout the product lifecycle, from procurement to deployment. Several agencies published the last part in a series about securing the software supply chain, this...
As cyber attackers increasingly look to capitalize on accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services as well...
NSA, CISA, and the Office of the Director of National Intelligence (ODNI) have shared a new set of suggested practices that software suppliers (vendors) can follow...
Software supply chain risk has grown to be a significant concern for organizations as cyber attackers look to take advantage of the accelerating digitalization that has seen...
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the...
There are three key questions concerning artificial intelligence (AI) in the supply chain: Where are we today and what are some of the tailwinds driving the implementation of...
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers...
The ‘LofyGang’ threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and...
Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects. According to early data from Sonatype’s 8th annual State of the Software Supply Chain...