packages
-
PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects
The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for…
-
Solving the indirect vulnerability enigma – fixing indirect vulnerabilities without breaking your dependency tree
Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to…
-
Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys
Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate…
-
Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach
Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month,…
-
Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys
Two trojanized Python and PHP packages have been uncovered in what’s yet another instance of a software supply chain attack…
-
Yes, Containers Are Terrific, But Watch the Security Risks
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are…
-
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational…
-
Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects
Google on Thursday announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of…