#software-supply-chain-security

Information security
from WIRED
1 week ago

'Happy Gilmore' Producer Buys Spyware Maker NSO Group

North Korean operatives are posing as architecture professionals using fake profiles, résumés, and Social Security numbers to infiltrate US companies.
Software development
from InfoQ
2 weeks ago

The Hidden Vulnerability of The Open Source Software Supply Chain: The Underlying Infrastructure

Brian Fox, Sonatype CTO and open source leader, guided Maven governance, OpenSSF/FINOS efforts, and advised governments on cyber resiliency including the EU Cyber Resilience Act.
Python
from The Hacker News
5 months ago

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

A malicious PyPI package named discordpydebug disguises itself as a Discord utility while incorporating a remote access trojan.