News

CSOonline7mon
Malicious open-source software packages have exploded in 2024
The open-source development ... according to a new report from software supply chain management firm Sonatype. The company has tracked over 500,000 new malicious packages since November 2023 ...
InfoWorld1y
JFrog Curation blocks malicious open source software packages
DevSecOps system validates incoming software packages against JFrog’s security research library to establish a repository of trustworthy components for software developers to use. JFrog has ...
SiliconANGLE2y
Google Cloud beefs up open-source software security with Assured OSS packages
By relying on Google’s extensive library of Assured OSS packages, organizations will benefit from a more secure open-source software supply chain, Google said. They’ll be able to understand ...
SiliconANGLE3mon
Fortinet identifies thousands of malicious software packages exploiting open-source repositories
A new report out today from Fortinet Inc.’s FortiGuard Labs highlights a growing wave of malicious software ... of malicious packages distributed across open-source repositories, using ...
CSOonline1y
Why open-source software supply chain attacks have tripled in a year
According to data from software supply chain management company Sonatype, the number of malicious packages detected across the various open-source ecosystems tripled year over year. “Looking at ...
Bleeping Computer1y
Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild ... NuGet is an open-source package manager and software distribution system, enabling developers ...
La Grande Observer4mon
HeroDevs Acquires Xeol to Help Users of End-of-Life Open Source Software Secure Their Applications and Protect Their Data
Xeol’s platform tracks end-of-life data for more than 100,000 open source software packages. The company uses this data to identify potential cybersecurity risks within companies’ software ...
Business Insider3mon
ReversingLabs Annual Software Supply Chain Security Report Spotlights Mounting Attacks on AI, Crypto, Open Source, and Commercial Software
open-source software remained a key element of supply chain risk in 2024. For example, incidents of exposed development secrets via publicly accessible, open-source packages rose 12% compared to 2023.
Infosecurity-magazine.com5mon
Cryptomining Malware Found in Popular Open Source Packages
A series of high-profile compromises targeting popular open source packages have been uncovered, exposing the growing risk of malicious code infiltration in widely used software tools. Threat actors ...
Business Insider11mon
ReversingLabs Launches Spectra Assure Community – The Largest, Free Resource of Comprehensive Risk Assessments on Open Source Software
real-time threat intelligence data about software packages in open source repositories.” Community Contribution Today’s launch of Spectra Assure Community underscores RL’s enduring ...
TechCrunch6mon
Workbrew makes open source package manager Homebrew enterprise-friendly
A trio of former GitHub executives and engineers have founded a new startup that brings the benefits of one of the most popular open source package managers to the enterprise. Designed primarily ...