#supply-chain-security

#malware
Node JS
from The Hacker News
2 months ago

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Three malicious npm packages disguised as a Telegram bot library have been found, containing SSH backdoors and data exfiltration functionalities.
Information security
from The Hacker News
3 months ago

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Several legitimate cryptocurrency packages on npm have been hijacked to steal sensitive information from compromised systems.
Growth hacking
from The Hacker News
1 month ago

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Malicious packages in multiple repositories have been discovered, posing significant security threats in open-source ecosystems.
from www.theguardian.com
2 days ago

Quad countries agree to diversify critical mineral supplies amid China concerns

The four countries said in a joint statement that they were establishing the Quad Critical Minerals Initiative, aimed at collaborating on securing and diversifying supply chains.
US politics
#cybersecurity
US news
from Securitymagazine
4 months ago

Cyber operations against Russia halted, cyber leaders remain alert

The U.S. has suspended offensive cyber operations against Russia, raising concerns among cybersecurity experts and organizations.
Organizations must enhance their cybersecurity measures, particularly in securing supply chains, amidst the suspension.
Artificial intelligence
from Theregister
1 month ago

Infosec pros still aren't nailing the basics of AI security

Many organizations are using generative AI without understanding the associated security risks.
The NCSC warns that critical systems may be vulnerable to AI-empowered attackers by 2027.
Ignoring AI integration in cyber defenses raises business risk.
Information security
from Hackernoon
1 year ago

Breaking the Chain: How Scribe Security is Redefining Software Supply Chain Protection | HackerNoon

Software supply chain attacks exploit vulnerabilities in the development lifecycle, resulting in severe organizational risks.
Scribe Security's new platform strengthens security without compromising development speed.
Node JS
from IT Pro
3 weeks ago

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Over a dozen NPM packages have been compromised, delivering malware that allows attackers to control infected machines.
Privacy professionals
from Securitymagazine
2 months ago

The Oracle breach and the case for transparent cyber response

The Oracle Cloud breach highlights the importance of responsiveness in cybersecurity, showcasing that initial denial can exacerbate damage.
Timely communication post-breach is critical to maintain trust and facilitate organizational responses.
from Developer Tech News
1 month ago

Chainguard rebuilds Python libraries to slam the door on malware

Chainguard Libraries for Python represents a significant leap towards malware resistance, as it securely builds Python dependencies from their original source code in a robust infrastructure.
Web frameworks
from InfoWorld
11 months ago

GitHub Artifact Attestations sign and verify software artifacts

By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect against supply chain attacks and unauthorized modifications.
DevOps
Privacy technologies
from TechRepublic
3 months ago

Billions of Devices at Risk of Hacking Due to Hidden Commands

Undocumented commands in the ESP32 Bluetooth chip pose serious security risks, enabling potential impersonation and memory manipulation.