#supply-chain-attacks

Information security
from The Register
2 days ago

Socket will block it with free malicious package firewall

Socket released Socket Firewall Free, a free CLI that blocks malicious dependencies at install time across npm, yarn, pnpm, pip, uv, and cargo.
Node JS
from SecurityWeek
1 week ago

GitHub Boosting Security in Response to NPM Supply Chain Attacks

GitHub will require two-factor authentication for local NPM publishing and deploy short-lived, granular tokens plus trusted publishing to mitigate NPM supply-chain attacks.
Information security
from The Hacker News
3 weeks ago

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Cursor's default-disabled Workspace Trust allows VS Code-style autorun tasks to execute on folder open, enabling arbitrary code execution and potential credential theft.
from The Register
1 month ago

Stolen OAuth tokens expose Palo Alto customer data

Marc Benoit, chief information security officer at PAN, confirmed in a note to clients - seen by The Register - that it was informed on August 25 that the "compromise of a third-party application, Salesloft's Drift, resulted in the access and exfiltration of data stored in our Salesforce environment." It immediately disconnected the third-party application from its Salesforce CRM, he said.
Information security
from The Hacker News
1 month ago

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts.
Python
#cybersecurity
Information security
from IT Pro
3 months ago

Application security risk: How leaders can protect their businesses

Application security is increasingly challenging due to software complexity and pressure for rapid feature rollout.