#supply-chain-security
#supply-chain-security

[ follow ]

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Three malicious npm packages disguised as a Telegram bot library have been found, containing SSH backdoors and data exfiltration functionalities.

Information security

fromThe Hacker News

3 months ago

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Several legitimate cryptocurrency packages on npm have been hijacked to steal sensitive information from compromised systems.

Growth hacking

fromThe Hacker News

1 month ago

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Malicious packages in multiple repositories have been discovered, posing significant security threats in open-source ecosystems.

fromThe Hacker News

3 months ago

Software development

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

fromTechzine Global

1 day ago

Privacy professionals

IDE extensions threaten the software supply chain

Node JS

fromThe Hacker News

2 months ago

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Three malicious npm packages disguised as a Telegram bot library have been found, containing SSH backdoors and data exfiltration functionalities.

Information security

fromThe Hacker News

3 months ago

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Several legitimate cryptocurrency packages on npm have been hijacked to steal sensitive information from compromised systems.

Growth hacking

fromThe Hacker News

1 month ago

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Malicious packages in multiple repositories have been discovered, posing significant security threats in open-source ecosystems.

fromThe Hacker News

3 months ago

Software development

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

fromTechzine Global

1 day ago

Privacy professionals

IDE extensions threaten the software supply chain

more#malware

fromwww.theguardian.com

2 days ago

Quad countries agree to diversify critical mineral supplies amid China concerns

The four countries said in a joint statement that they were establishing the Quad Critical Minerals Initiative, aimed at collaborating on securing and diversifying supply chains.

US politics

Cyber operations against Russia halted, cyber leaders remain alert

The U.S. has suspended offensive cyber operations against Russia, raising concerns among cybersecurity experts and organizations.

Organizations must enhance their cybersecurity measures, particularly in securing supply chains, amidst the suspension.

Artificial intelligence

fromTheregister

1 month ago

Infosec pros still aren't nailing the basics of AI security

Many organizations are using generative AI without understanding the associated security risks.

The NCSC warns that critical systems may be vulnerable to AI-empowered attackers by 2027.

Ignoring AI integration in cyber defenses raises business risk.

Information security

fromHackernoon

1 year ago

Breaking the Chain: How Scribe Security is Redefining Software Supply Chain Protection | HackerNoon

Software supply chain attacks exploit vulnerabilities in the development lifecycle, resulting in severe organizational risks.

Scribe Security's new platform strengthens security without compromising development speed.

Node JS

fromIT Pro

3 weeks ago

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Over a dozen NPM packages have been compromised, delivering malware that allows attackers to control infected machines.

Artificial intelligence

fromArs Technica

2 months ago

AI-generated code could be a disaster for the software supply chain. Here's why.

LLM-generated code increases vulnerability to supply-chain attacks due to the inclusion of non-existent dependencies.

Privacy professionals

fromSecuritymagazine

2 months ago

The Oracle breach and the case for transparent cyber response

The Oracle Cloud breach highlights the importance of responsiveness in cybersecurity, showcasing that initial denial can exacerbate damage.

Timely communication post-breach is critical to maintain trust and facilitate organizational responses.

US news

fromSecuritymagazine

4 months ago

Cyber operations against Russia halted, cyber leaders remain alert

The U.S. has suspended offensive cyber operations against Russia, raising concerns among cybersecurity experts and organizations.

Organizations must enhance their cybersecurity measures, particularly in securing supply chains, amidst the suspension.

Artificial intelligence

fromTheregister

1 month ago

Infosec pros still aren't nailing the basics of AI security

Many organizations are using generative AI without understanding the associated security risks.

The NCSC warns that critical systems may be vulnerable to AI-empowered attackers by 2027.

Ignoring AI integration in cyber defenses raises business risk.

Information security

fromHackernoon

1 year ago

Breaking the Chain: How Scribe Security is Redefining Software Supply Chain Protection | HackerNoon

Software supply chain attacks exploit vulnerabilities in the development lifecycle, resulting in severe organizational risks.

Scribe Security's new platform strengthens security without compromising development speed.

Node JS

fromIT Pro

3 weeks ago

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Over a dozen NPM packages have been compromised, delivering malware that allows attackers to control infected machines.

Artificial intelligence

fromArs Technica

2 months ago

AI-generated code could be a disaster for the software supply chain. Here's why.

LLM-generated code increases vulnerability to supply-chain attacks due to the inclusion of non-existent dependencies.

Privacy professionals

fromSecuritymagazine

2 months ago

The Oracle breach and the case for transparent cyber response

The Oracle Cloud breach highlights the importance of responsiveness in cybersecurity, showcasing that initial denial can exacerbate damage.

Timely communication post-breach is critical to maintain trust and facilitate organizational responses.

more#cybersecurity

fromDeveloper Tech News

1 month ago

Chainguard rebuilds Python libraries to slam the door on malware

Chainguard Libraries for Python represents a significant leap towards malware resistance, as it securely builds Python dependencies from their original source code in a robust infrastructure.

Web frameworks

fromInfoWorld

11 months ago

GitHub Artifact Attestations sign and verify software artifacts

By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect against supply chain attacks and unauthorized modifications.

DevOps

Artificial intelligence

fromFood & Beverage Magazine

2 months ago

From Dupe Culture to Digital Deception: Inside the AI-Driven F&B Counterfeit Boom - Part 2

Counterfeit food and beverages are surging in the U.S., driven by AI technology, prompting innovations in anti-counterfeit solutions.

Privacy technologies

fromTechRepublic

3 months ago

Billions of Devices at Risk of Hacking Due to Hidden Commands

Undocumented commands in the ESP32 Bluetooth chip pose serious security risks, enabling potential impersonation and memory manipulation.

[ Load more ]

#supply-chain-security#supply-chain-security

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

IDE extensions threaten the software supply chain

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

IDE extensions threaten the software supply chain

Quad countries agree to diversify critical mineral supplies amid China concerns

Cyber operations against Russia halted, cyber leaders remain alert

Infosec pros still aren't nailing the basics of AI security

Breaking the Chain: How Scribe Security is Redefining Software Supply Chain Protection | HackerNoon

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

AI-generated code could be a disaster for the software supply chain. Here's why.

The Oracle breach and the case for transparent cyber response

Cyber operations against Russia halted, cyber leaders remain alert

Infosec pros still aren't nailing the basics of AI security

Breaking the Chain: How Scribe Security is Redefining Software Supply Chain Protection | HackerNoon

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

AI-generated code could be a disaster for the software supply chain. Here's why.

The Oracle breach and the case for transparent cyber response

Chainguard rebuilds Python libraries to slam the door on malware

GitHub Artifact Attestations sign and verify software artifacts

From Dupe Culture to Digital Deception: Inside the AI-Driven F&B Counterfeit Boom - Part 2

Billions of Devices at Risk of Hacking Due to Hidden Commands

#supply-chain-security
#supply-chain-security