Software Development | News, how-tos, features, reviews, and videos
Caught before it could do widespread damage, the sophisticated attack could have resulted in one of the highest-impact software supply chain breaches to date.
The AI-powered OSS-Fuzz tool can help find vulnerabilities and be combined with an auto-patching pipeline.
A dependent action in Bazel could permit malicious code injection into a GitHub Actions workflow, highlighting risk from third-party dependencies.
It's easy for admins to misunderstand what GKE considers authenticated users and set permissions that could allow anyone with a Google account to access their systems.
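The GKE pitfall above is that the built-in Kubernetes group system:authenticated is not "our authenticated users": on GKE it contains every Google account, and system:unauthenticated contains everyone else. The check an admin wants is a list of RBAC bindings that grant anything beyond the defaults to those two groups. The script below is an added example, not code from the page or from Google; it parses the JSON shape `kubectl get clusterrolebindings,rolebindings -A -o json` produces, and the sample input, the SAMPLE_BINDINGS_JSON constant and the DEFAULT_BINDINGS allowlist are constructed assumptions for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`,
# trimmed to the fields the check reads. This is not real cluster output.
SAMPLE_BINDINGS_JSON = json.dumps({
    "items": [
        {   # shipped by Kubernetes itself; harmless and expected
            "kind": "ClusterRoleBinding",
            "metadata": {"name": "system:basic-user"},
            "roleRef": {"kind": "ClusterRole", "name": "system:basic-user"},
            "subjects": [{"kind": "Group", "name": "system:authenticated"}],
        },
        {   # the mistake: "authenticated" read as "my org", so every Google
            # account can now read every object in the cluster
            "kind": "ClusterRoleBinding",
            "metadata": {"name": "devs-can-read-everything"},
            "roleRef": {"kind": "ClusterRole", "name": "view"},
            "subjects": [{"kind": "Group", "name": "system:authenticated"}],
        },
        {   # a binding to a real, narrow group: not flagged
            "kind": "ClusterRoleBinding",
            "metadata": {"name": "team-admins"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "Group", "name": "team-admins@example.com"}],
        },
    ]
})

# On GKE, system:authenticated means any Google account; system:unauthenticated
# means anyone at all. Neither is a meaningful authorization boundary.
OVERBROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

# Default bindings Kubernetes creates for these groups. Assumption: this allowlist
# is illustrative; confirm it against your own cluster before relying on it.
DEFAULT_BINDINGS = {"system:basic-user", "system:discovery", "system:public-info-viewer"}


def find_overbroad_bindings(bindings_json, allowlist=DEFAULT_BINDINGS):
    """Return the (Cluster)RoleBindings that grant a role to an overbroad
    built-in group and are not part of the expected defaults."""
    doc = json.loads(bindings_json)
    findings = []
    for item in doc.get("items", []):
        name = item["metadata"]["name"]
        # A binding with no subjects grants nothing; guard against null.
        subjects = item.get("subjects") or []
        groups = {s["name"] for s in subjects if s.get("kind") == "Group"}
        hit = groups & OVERBROAD_GROUPS
        if hit and name not in allowlist:
            findings.append({
                "binding": name,
                # RoleBindings carry a namespace, ClusterRoleBindings do not.
                "namespace": item["metadata"].get("namespace"),
                "groups": sorted(hit),
                "role": item["roleRef"]["kind"] + "/" + item["roleRef"]["name"],
            })
    return findings


if __name__ == "__main__":
    for f in find_overbroad_bindings(SAMPLE_BINDINGS_JSON):
        print(f)
```

Against a live cluster, pipe `kubectl get clusterrolebindings,rolebindings -A -o json` into find_overbroad_bindings instead of the constructed sample; anything it reports is reachable by any Google account (or by anyone, for system:unauthenticated) and should be rebound to an explicit group or service account.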
A significant percentage of the 50,000 most-downloaded npm packages are deprecated or have a deprecated dependency but provide no warning.
Uneven maintenance practices and developers' willingness to download risky code have made open-source repositories a favored initial access tactic for attackers.
The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks.
A new proof of concept shows that attackers can use Azure AD Cross-Tenant Synchronization (CTS) to leap to Microsoft and non-Microsoft applications across tenants.
This newly discovered "dual use" campaign enables software supply chain compromise as well as phishing.
With the growth of Linux in cloud environments, critical infrastructure, and even mobile platforms, hackers are increasingly targeting the open-source operating system for higher returns.