Microsoft’s lax policies in PowerShell Gallery provoke supply chain attacks
Microsoft's PowerShell Gallery contains vulnerabilities that enable supply chain, spoofing and typosquatting attacks. The vulnerabilities arose from the product's lax naming policy for its code repository.
PowerShell Gallery is a hugely popular code hosting platform. The pla...
Check Point finds ten malicious Python packages in PyPI
Hackers increasingly target Python repositories. Security experts from Check Point recently discovered ten malware packages in PyPI, a popular Python repository.
Malware in Python repositories is typically distributed in familiar-looking packages and is highly dangerous. Developers that fall victim...
SentinelOne detects Rust-based supply chain attack
SentinelOne recently discovered a supply chain attack that uses components of the Rust programming language. The attack involves a malicious 'crate' in the Rust dependency community repository.
According to SentinelOne, hackers used a so-called CrateDepression attack to introduce a malicious cra...