#software-supply-chain

#open-source
#ai
Artificial intelligence
from WIRED
3 months ago

AI Code Hallucinations Increase the Risk of 'Package Confusion' Attacks

AI-generated code often references non-existent third-party libraries, posing risks for supply-chain attacks.
from The Hacker News
2 weeks ago

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

North Korean threat actors are deploying malicious npm packages as part of ongoing software supply chain attacks against the open-source ecosystem.
#cybersecurity
from IT Pro
3 weeks ago
Privacy professionals

Enterprises need to sharpen up on software supply chain security

from DevOps.com
3 weeks ago
Privacy professionals

Survey Surfaces Significant Lack of Visibility Into Software Supply Chain Risks - DevOps.com

from DevOps.com
2 months ago
Software development

Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains - DevOps.com

New malware targets application developers through typo-squatting, aiming to compromise software supply chains by providing persistent access and data exfiltration.
Node JS
from The Hacker News
2 months ago

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Three malicious npm packages targeting Cursor on macOS are stealing user credentials and distributing harmful upgrades to the software.
Privacy professionals
from The Hacker News
4 months ago

Malicious PyPI Packages Stole Cloud Tokens - Over 14,100 Downloads Before Removal

Malicious campaigns targeting PyPI users via fake libraries pose serious security risks, highlighting the importance of vigilance in software development.
#jfrog
from DevOps.com
1 month ago
Artificial intelligence

JFrog Extends Alliance With NVIDIA to Secure AI Software Supply Chain - DevOps.com

#sbom
from InfoQ
2 months ago

Docker Introduces Hardened Images to Strengthen Container Security

Docker's Hardened Images significantly enhance container security by reducing attack surfaces and minimizing vulnerabilities.
#devsecops
from DevOps.com
7 months ago
Information security

OpenText Allies With Secure Code Warrior to Improve Application Security - DevOps.com

#security-risks
Information security
from Techzine Global
4 months ago

AI is making the software supply chain more perilous than ever

The JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.
Software development
from DevOps.com
4 months ago

OpenSSF Defines Baseline for Securing Open Source Software - DevOps.com

OpenSSF's OSPS Baseline aims to enhance security for small open source teams.
It provides attainable security practices based on established standards.
Tech industry
from TechCrunch
4 months ago

Cloudsmith raises $23M to improve software supply chain security | TechCrunch

Cloudsmith aims to improve software supply chain security by providing a robust artifact management platform.
from The Register
5 months ago

Reused AWS S3 buckets a weak link in supply chain security

Abandoned AWS S3 buckets pose serious security risks and can be hijacked for software supply chain attacks.
Information security
from DevOps.com
6 months ago

Fake Stars in GitHub a Growing Security Threat, Analysis Finds - DevOps.com

GitHub faces a growing issue with fake stars, facilitating malware distribution and damaging trust in open-source software development.
Information security
from TechCrunch
9 months ago

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.
from DevOps.com
11 months ago

Endor Labs Adds Analytics and Patching Tools to Secure Open Source Software - DevOps.com

Endor Labs introduced the ability to assess how challenging it may be to upgrade open source software, identifying potential application disruptions. This aids DevSecOps in decision-making.
Information security