Software Development | News, how-tos, features, reviews, and videos
Growing use of APIs gives attackers more ways to break authentication controls, exfiltrate data, or perform disruptive acts.
Akamai’s latest study finds organizations are not prepared for API-based attacks as most report scant controls.
The PoC contains a backdoor, which has broad data-stealing capabilities and can exfiltrate a wide array of data, from the hostname and username to an exhaustive list of home directory contents.
JFrog Curation vets and blocks infected open source or third-party packages before they enter development.
This newly discovered "dual use" campaign enables software supply chain compromise as well as phishing.
With the growth of Linux in cloud environments, critical infrastructure, and even mobile platforms, hackers are increasingly targeting the open source system for higher returns.
Package manifests in the npm registry are not validated against metadata files in the package itself, leaving the door open for attackers.
Researchers use the OpenSSF Scorecard to measure the security of the 50 most popular generative AI large language model projects on GitHub.
AquaSec analyzed a sample of 1% of GitHub repositories and found that about 37,000 of them are vulnerable to RepoJacking, including the repositories of companies such as Google and Lyft.
An eBPF-based tool for code monitoring provides new visibility into the software pipeline, aiming to forestall further SolarWinds- or Codecov-style attacks.