Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks. Multiple...
Infosec experts have welcomed the US National Institute of Standards and Technology’s (NIST’s) overhaul of its cybersecurity supply chain risk management guidance (C-SCRM). Developed in response to an...
Officials from Defense’s CIO Office reiterated the need for strong digital defenses as conflicts take aim at critical infrastructure. Officials from the Department of Defense highlighted...
New top-level guidance—and requirements—are coming for managing software security risk at federal agencies. The Office of Management and Budget is preparing to release new requirements around...
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply...
GitHub announced today that all users who contribute code on its platform (an estimated 83 million developers in total) will be required to enable two-factor authentication (2FA)...
Open source software developers’ reputations could be abused to spread malicious NPM packages without their knowledge or consent, security researchers have revealed. On April 26, the...
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the ‘Package Analysis’ tool that aims to catch and...
Ivanti Wavelink announced the results of a joint survey with VDC Research regarding the state of industrial supply chain operations and the adoption of Industrial Internet of Things...
A ‘logical flaw’ in the npm registry enabled authors of malicious packages to quietly add anyone and any number of users as ‘maintainers’ to their packages in an...