DevSecOps

As the industry relies more on open source software, it really needs to take a more proactive stance on patching vulnerabilities.

Online developer community Stack Overflow has been leveraged to facilitate the distribution of a malicious Python Package Index package containing cryptocurrency-stealing malware, reports The Hacker News.

GitLab has issued fixes for several security vulnerabilities through the latest versions of its Community Edition and Enterprise Edition software, BleepingComputer reports.

Security pros warn that a bug in the popular open-source logging and metrics tool could cause denial-of-service attacks and data loss in all the major cloud platforms, including AWS, GCP and Azure.

Companies need to support their developers and coders need to double-down on the value of high-quality source code to the business.

Software firms have been urged by the FBI and Cybersecurity and Infrastructure Security Agency to ensure the absence of path traversal or directory traversal vulnerabilities in their products prior to shipping, BleepingComputer reports.

Ongoing intrusions targeting GitLab instances impacted by the maximum severity account takeover vulnerability, tracked as CVE-2023-7028, have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the security issue by May 22, reports BleepingComputer.