Have We Reached a Distroless Tipping Point?
There's a virtuous cycle in technology that pushes the boundaries of what's…
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Apr 04, 2025Ravie LakshmananVulnerability / Open Source, The cascading supply chain attack…
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Mar 28, 2025Ravie LakshmananCryptocurrency / Developer Security Cybersecurity researchers have discovered several…
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a…
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have…
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
Mar 13, 2025Ravie LakshmananOpen Source / Vulnerability Meta has warned that a…
New OpenSSH flaws expose SSH servers to MiTM and DoS attacks
OpenSSH has released security updates addressing two vulnerabilities, a man-in-the-middle (MitM) and…
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Feb 08, 2025Ravie LakshmananArtificial Intelligence / Supply Chain Security Cybersecurity researchers have…
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
Feb 03, 2025Ravie LakshmananOpen Source / Software Security The maintainers of the…