packages
- The Ultimate Security Blind Spot You Don’t Know You Have
  How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and…
- Warning: PyPI Feature Executes Code Automatically After Python Package Download
  In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly…
- PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks
  The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer…
- RubyGems Makes Multi-Factor Authentication Mandatory for Top Package Maintainers
  RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA)…
- Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems
  A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on…
- GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions
  Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to…
- 10 Credential Stealing Python Libraries Found on PyPI Repository
  In what’s yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the…
- New ‘ParseThru’ Parameter Smuggling Vulnerability Affects Golang-based Applications
  Security researchers have discovered a new vulnerability called ParseThru affecting Golang-based applications that could be abused to gain unauthorized access…
- Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies
  Businesses know they need to secure their client-side scripts. Content security policies (CSPs) are a great way to do that.…