packages
-
This Android File Manager App Infected Thousands of Devices with Sharkbot Malware
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store,…
Read More » -
W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack
An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds…
Read More » -
Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming…
Read More » -
GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories
Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories…
Read More » -
Google Launches GUAC Open Source Project to Secure Software Supply Chain
Google on Thursday announced that it’s seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition,…
Read More » -
Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed…
Read More » -
New Timing Attack Against NPM Registry API Could Expose Private Packages
A novel timing attack discovered against the npm’s registry API can be exploited to potentially disclose private packages used by…
Read More » -
Scribe Platform: End-to-end Software Supply Chain Security
As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams are more challenged than ever…
Read More »