Here you will find all the articles with the tag: supply chain attack.
Using self-hosted runners in PyTorch for GitHub operations leads to several vulnerabilities, security engineer John Stawinski IV discovered. This can lead to many malicious actions. According to security engineer John Stawinski IV, Meta's popular open-source framework PyTorch uses so-called self... Read more
3 months ago
Microsoft's product PowerShell Gallery contains vulnerabilities that enable supply chain attacks, spoofing and typosquatting attacks. The vulnerabilities arose from the product's lax naming policy for code repository. PowerShell Gallery constitutes a hugely popular code hosting platform. The pla... Read more
8 months ago
Hackers increasingly target Python repositories. Security experts from Check Point recently discovered ten malware packages in PyPi, a popular Python repository. Malware in Python repositories is typically distributed in familiar-looking packages and highly dangerous. Developers that fall victim... Read more
2 years ago
SentinelOne recently discovered a supply chain attack that uses components of the Rust programming language. The attack involves a malicious 'crate' in the Rust dependency community repository. According to SentinelOne, hackers used a so-called CrateDepression attack to introduce a malicious cra... Read more
2 years ago
