The Modern Software Supply Chain: How It’s Evolved and What to Prepare For
Supply chain security attacks have been becoming increasingly common and more sophisticated. Find out how to remain secure throughout the…
Lightspin Secures Infrastructure as Code Files with New GitHub Integration
Users can scan GitHub repositories and detect misconfigurations, exposed secrets and other security issues.
Verica Launches Prowler Pro to Make AWS Security Simpler for Customers
The enterprise grade solution will provide enhanced cloud security and provide new open-source tools.
GitHub suspends accounts of Russian devs at sanctioned companies
Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously…
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from…
Windows 11 tool to add Google Play secretly installed malware
A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected…
Google, GitHub Collaboration Focuses on Securing Code Build Processes
The software supply chain security tool from GitHub and Google uses GitHub Actions and Sigstore to generate a "tamper-proof" record…
Rise in npm protestware: another open source dev calls Russia out
Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. Most recently, the…
New Meta information stealer distributed in malspam campaign
Independent analyst Brand Duncan has spotted a malspam campaign delivering META, a new info-stealer malware that appears to be rising…
GitHub can now alert of supply-chain bugs in new dependencies
GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.…