Sigstore launches free software signing service
The open-source technology allows users to verify the reliability of software components. Sigstore is used by the developers of giant projects like Kubernetes and Python. The free technology was recently made generally available.
Software supply chain security is a growing problem. Vulnerabilit... Read more
Nvidia data breach by Lapsus$ is actively exploited
A data breach at Nvidia allows cybercriminals to disguise malware with trusted code signing certificates.
Since last week, ransomware group Lapsus$ claims to possess over 1TB of private Nvidia data. Although Nvidia acknowledges that data was stolen, the organization "expected no impact on custom... Read more