The Python Package Index (PyPI) is rolling out two-factor authentication (2FA) for “critical projects” in the form of physical security keys. Mindful of the growing threat to software supply...
On Friday, the Python Package Index (PyPI), the official repository of third-party open-source Python projects, announced plans to mandate a two-factor authentication requirement for maintainers of “critical” projects....
An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated JavaScript code to compromise hundreds of downstream desktop apps and...
Abnormal Security released new research that showcases a rising trend in financial supply chain compromise as threat actors impersonate vendors more than ever before. In January 2022,...
In this Help Net Security interview, Dawn Cappelli, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are...
There have been more than 200 dedicated supply chain attacks over the past decade. Some of these campaigns have affected countless supplier networks and millions of customers –...
RubyGems has become the latest code repository to require multi-factor authentication (MFA) for some of its largest publishers. The package manager has started alerting the maintainers of...
The Cyber-Informed Engineering Strategy is organized across five pillars. The Department of Energy this week released its national Cyber-Informed Engineering Strategy that provides guidance for building resilient energy...
Over the last two years, supply chain challenges have rocked both enterprises and consumers alike, making it harder to access certain goods and maintain business continuity....
The PyPI packages ‘keep,’ ‘pyanxdns,’ and ‘api-res-py’ were found to contain a backdoor due to the presence of a malicious ‘request’ dependency within some versions. For example, while most versions of ‘keep’...