#software-supply-chain

#npm
from The Register
1 week ago

DoD reportedly relies on utility written by Russian

fast-glob, a widely used Node.js utility, appears to be maintained solely by a Yandex employee based in Russia, creating a significant supply-chain security risk.
Information security
from Nextgov.com
1 week ago

Report: Russia-based Yandex employee oversees open-source software approved for DOD use

A Russia-based Yandex employee is the sole maintainer of fast-glob, a widely used open-source package embedded in Department of Defense software, which poses a supply-chain risk.
from DevOps.com
1 week ago

The Quantum Shift Is Here: A Survival Guide for the New Era of Software - DevOps.com

Software teams now shoulder the entire software supply chain, facing unsustainable complexity, security and compliance burdens, and tool sprawl that increase cognitive load and risk.
#sbom
#ai
from Techzine Global
1 month ago
DevOps

JFrog launches MCP Server for AI-driven development workflows

JFrog's MCP Server enhances developer productivity by integrating AI capabilities into coding environments.
from WIRED
4 months ago
Artificial intelligence

AI Code Hallucinations Increase the Risk of 'Package Confusion' Attacks

AI-generated code often references third-party libraries that do not exist; an attacker who registers those names on the registry turns the hallucination into a supply-chain attack.
from The Hacker News
1 month ago

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

North Korean threat actors are deploying malicious npm packages as part of ongoing software supply chain attacks against the open-source ecosystem.
#cybersecurity
from IT Pro
1 month ago
Privacy professionals

Enterprises need to sharpen up on software supply chain security

from DevOps.com
1 month ago
Privacy professionals

Survey Surfaces Significant Lack of Visibility Into Software Supply Chain Risks - DevOps.com

from DevOps.com
3 months ago
Software development

Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains - DevOps.com

New malware targets application developers through typosquatted package names, aiming to compromise software supply chains by giving the attacker persistent access and exfiltrating data.
from The Hacker News
3 months ago
Node JS

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Three malicious npm packages targeting Cursor on macOS steal user credentials and push tampered updates of the editor to victims.
from DevOps.com
2 months ago

JFrog Extends Alliance With NVIDIA to Secure AI Software Supply Chain - DevOps.com

JFrog and NVIDIA have expanded integrations to include the Enterprise AI Factory, enabling the management of AI applications through JFrog's Software Supply Chain Platform.
Artificial intelligence
from InfoQ
3 months ago

Docker Introduces Hardened Images to Strengthen Container Security

Docker's Hardened Images significantly enhance container security by reducing attack surfaces and minimizing vulnerabilities.
DevOps
from DevOps.com
4 months ago

Veracode Extends Scope and Reach of DevSecOps Portfolio - DevOps.com

Veracode enhances its risk management tool to strengthen DevSecOps capabilities and improve vulnerability identification in Kubernetes environments.