Google Cloud wants to help improve the security of the most widely used open-source software, and to do so it’s making its Assured Open Source Software service generally available for Java and Python ...

A rise in malicious software packages exploiting system vulnerabilities has been detected by security researchers. A new report, published by Fortinet today, analyzes threats observed from November ...

Cisco (Nasdaq:CSCO) has bulked-up its Domain Name System (DNS) security software with new features including AI-enhanced DNS tunneling mitigation and stronger cloud malware detection. Cisco Secure ...

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...

Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users ...

SARATOGA, Calif.--(BUSINESS WIRE)--Lineaje, the full-lifecycle software supply chain security company, today launched end-to-end capabilities that will fundamentally transform how organizations ...

TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live ...

A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. NuGet is an open-source package manager and ...

A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry. Last week, a former ...

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...