CSOonline

Malicious open-source software packages have exploded in 2024

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...
SiliconANGLE

Google Cloud beefs up open-source software security with Assured OSS packages

Google Cloud wants to help improve the security of the most widely used open-source software, and to do so it’s making its Assured Open Source Software service generally available for Java and Python ...
Infosecurity Magazine

New Shai-Hulud Worm Spells Trouble For npm Users

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows ...

One of the most popular web app frameworks has a major security flaw

Alas, no, as it turns out that a very popular web app framework, used heavily in servers around the world, has been ...
Infosecurity-magazine.com

Surge in Malicious Software Packages Exploits System Flaws

A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
ZDNet

Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google

Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects. The Package Analysis Project is one of the software supply ...
Dark Reading

One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious

The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts ...
ZDNet

Google: These 'curated' open-source packages will improve software supply chain security

Google aims to boost software supply chain security with an initiative that promises to offer enterprise open-source software users access to the same secure packages used by its own developers to ...
Hosted on MSN

Hacker Pwns Programmer, Infects Widely Used Software With Malware

Don't miss out on our latest stories. Add PCMag as a preferred source on Google. A hacker has managed to infect over a dozen widely used software packages with a crypto-looting malware after ...
Network World

Cisco bolsters DNS security package

Cisco (Nasdaq:CSCO) has bulked-up its Domain Name System (DNS) security software with new features including AI-enhanced DNS tunneling mitigation and stronger cloud malware detection. Cisco Secure ...
TechCrunch

Google Cloud launches new software supply chain and zero trust security services

Google Cloud is holding its annual Security Summit this week and unsurprisingly, the company used the event to launch a few new security features. This year, the announcements focus on software supply ...