Backdoor in public code repository presents a new security threat
A new form of attack has been used to target big tech firms using "dependency confusion"
A professional tester created a backdoor that researchers found hidden inside open source code targeting four German companies, according to a report in Ars Technica. The tester was checking clients’ r...
Sophisticated malware from PyPI was downloaded more than 41,000 times
PyPI, the open-source repository used by both large and small organizations to download code libraries, was hosting 11 malicious packages that were downloaded more than 41k times, in one of the latest reported incidents of this kind.
JFrog found the software supply chain risk. This security...
PHP compromised: user database leakage prime suspect
Nikita Popov, a PHP maintainer, posted an update regarding how the source code was compromised and corrupted by the insertion of malicious code. Popov blames a user database leak, rather than an issue with the server itself.
The PHP code repository was compromised toward the end of last month, w...