To defend against slopsquatting, proactive trust verification must occur before any dependency lands in a developer's hands.
Trusted developer tools are becoming the new path into enterprise software environments.
Supply chain cyberattacks are bypassing internal defences by exploiting trusted third-party suppliers. From the XZ Utils backdoor to the Marks and Spencer MoveIt breach, recent incidents show how ...
Threat intelligence firm Cyble said such attacks occurred, on average, nearly 13 times per month last year, from February through September 2024. Starting in October, they surged to nearly 16 per ...
North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
The recent Shai Hulud 2.0 incident was initially described as an “npm worm” and a “GitHub repository attack.” That framing missed the point. When you look at what actually left victims' environments, ...
It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions ...