The npm incident frightened everyone, but ended up being nothing to fret about
Disaster was averted after widely used open-source packages were compromised via social engineering.
Advertisement
open source
The overlooked changes that two Trump executive orders could bring to cybersecurity
Good, bad, puzzling — a March order and June order could have bigger ripples than realized when the president signed them.
AsyncRAT seeds family of more than 30 remote access trojans
ESET researchers observed tens of thousands of machines infected with AsyncRAT and its variants over the past year. The open-source malware is a popular tool among cybercriminals.
Unverified code is the next national security threat
Congress and federal agencies can take some simple steps to better protect open-source software.
String of defects in popular Kubernetes component puts 40% of cloud environments at risk
Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.
Researchers raise alarm about critical Next.js vulnerability
The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.
Advertisement
Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets
The new offering paves the way for orgs to use the widely popular open-source software with their highly sensitive data.
Projecting the next decade of software supply chain security
A 2035 vision includes a shift that combines security and innovation.
Here’s all the ways an abandoned cloud instance can cause security issues
Research released Tuesday by watchTowr shows how easy an old storage bucket can be repurposed by malicious attackers.
Open-source security spat leads companies to join forces for new tool
A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep.