Software Supply Chain Security Needs a Bigger Picture
SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the…
Android TV box on Amazon came pre-installed with malware
A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked…
Use CircleCI? Here Are 3 Steps You Need to Take
This Tech Tip outlines the steps enterprise defenders should take as they protect their data in cloud environments in response…
New Dark Pink APT group targets govt and military with custom malware
Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears…
Trojan Puzzle attack trains AI assistants into suggesting malicious code
Researchers at the universities of California, Virginia, and Microsoft have devised a new poisoning attack that could trick AI-based coding…
GitHub makes it easier to scan your code for vulnerabilities
GitHub introduced a new option to set up code scanning for a repository known as "default setup," designed to help…
VSCode Marketplace can be abused to host malicious extensions
Threat analysts at AquaSec have experimented with the security of VSCode Marketplace and found that it's surprisingly easy to upload…
PurpleUrchin Gang Embraces DevOps in Massive Cloud Malware Campaign
The Automated Libra group is deploying all components of its campaign in an automated manner via containers, stealing free trial…
SpyNote Android malware infections surge after source code leak
The Android malware family tracked as SpyNote (or SpyMax) has had a sudden increase in detections in the final quarter of…
Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
South African threat actors known as 'Automated Libra' has been improving its techniques to make a profit by using cloud…