How software development’s speed obsession enabled TeamPCP’s chaos crusade
The threat group’s remarkable success targeting open-source software was inevitable and fueled by the industry’s decision to prioritize code shipping over security.
Advertisement
CI/CD
Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines.
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
The campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself.
Information security in the DevOps age: Aligning conflicting imperatives
The explosive growth of software containers has been a boon for agile development; but they can create hidden risks for security pros.