A Popular npm Library Compromised in a Supply Chain Attack: What to Do

Aqua Security

In late October, a supply chain attack affected a popular npm library, ua-parser-js, which put many companies at risk of compromise. In this blog, we will describe the attack and outline a few ways that organizations can mitigate similar threats.

Protestware on the rise: Why developers are sabotaging their own code

TechCrunch

If combating attacks and hijackings of legitimate software on open source registries like npm weren’t challenging enough, app makers are increasingly experiencing the consequences of software self-sabotage. Developer Azer Koçulu ran into a trademark dispute with messaging app Kik because his npm package was called “kik.”

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

Prisma Cloud

Learn how a novel attack vector in GitHub Actions allows attackers to distribute malware across repositories using a technique that exploits the actions dependency tree and puts countless open-source projects and internal repositories at risk.

Cybersecurity Snapshot: 6 Things That Matter Right Now

Tenable

9 | Software supply chain security in the spotlight. government stresses software supply chain security. Developers got concrete guidance and specific recommendations for protecting their software supply chains via a 64-page document from the U.S. Software Supply Chain Best Practices (CNCF).

Software supply chain: What it is and how to keep it secure

CircleCI

As shortages of consumer goods and rising prices caused by bottlenecks in international supply networks have become more common, the global supply chain and its vulnerabilities have been top of mind for many. What is the software supply chain? Examples of software supply chain attacks.

Radar trends to watch: May 2022

O'Reilly Media - Ideas

Attacks are increasingly focused on decentralized finance (DeFi) platforms. Google has proposed Supply Chain Levels for Software Artifacts (SLSA) as a framework for ensuring the integrity of the software supply chain. A virtual art museum for NFTs is still under construction, but it exists, and you can visit it.

Radar Trends to Watch: September 2022

O'Reilly Media - Ideas

is a deep learning library for JavaScript, designed to run in the browser and using the computer’s GPU (if available). It’s still early, and doesn’t yet support some important NPM packages. SHARPEXT is malware that installs a browser extension on Chrome or Edge that allows an attacker to read Gmail. Programming.