Cybercriminals pose as “helpful” Stack Overflow users to push malware
Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPI package…
Open-source software ecosystem compromise leaves developers in Asia and around the globe at risk.
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a…
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a…
A stream of malicious npm and PyPI packages has been found stealing a wide range of sensitive data from software…
Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Moq's…
A software bill of materials standard gets an update, but the driver is compliance rather than security.
PyPI, the official third-party registry of open source Python packages, has temporarily suspended new users from signing up, and new…
Researchers find 250 million artifacts and 65,000 container images exposed in registries and repositories scattered across the Internet.
Google has opened up its software-dependency database, adding to the security data available to developers and toolmakers. Now developers need…