DevSecOps

In this photo illustration, the homepage of the GitHub website seen on a computer screen through a magnifying glass.

GitHub, NPM registry abused to host SSH key-stealing malware

Laura FrenchJanuary 24, 2024

Malware distribution on open source package repositories increased 1,300% in the last three years, researchers say.

Android, Java apps susceptible to novel MavenGate software supply chain attack technique

SC StaffJanuary 23, 2024

Numerous Android and Java apps leveraging abandoned open-source libraries, including all technologies based on Apache Maven, could be compromised through the novel MavenGate software supply chain attack technique, reports The Hacker News.

Supply chain

Supply chain attacks possible with TensorFlow CI/CD misconfigurations

SC StaffJanuary 19, 2024

Supply chain attacks possible with TensorFlow CI/CD misconfigurations TensorFlow instances on GitHub and PyPi could have been subjected to supply chain attacks involving the exploitation of continuous integration and continuous delivery vulnerabilities within the open-source machine learning framework, reports The Hacker News.

A computer screen with Javascript is seen

DevSecOps

NPM registry users download 2.1B deprecated packages weekly, researchers say

Laura FrenchJanuary 18, 2024

Unreported vulnerabilities may lurk among thousands of the most popular NPM packages.

DevSecOps

GitHub flaw prompts key rotation

Steve ZurierJanuary 17, 2024

All GitHub keys that may have been compromised by an unsafe reflection vulnerability, tracked as CVE-2024-0200, could be leveraged to enable remote code execution.

Vulnerability Management

GitLab vulnerability risks account takeover via simple password reset

Laura FrenchJanuary 12, 2024

No user interaction is required for takeover; GitLab CE and EE users should patch immediately.

Cloud Security

Cloud 2024: SaaS nightmares, API security boom and the impending cloud ‘identity crisis’

Stephen WeigandJanuary 11, 2024

"In 2024, SaaS applications will present the next biggest attack surface that organizations have not yet addressed," says Adam Gavish, CEO and co-founder, DoControl.

DevSecOps

Five ways to develop better, safer apps

Raj Rajamani January 9, 2024

Here’s five ways development and security teams can combine forces to build better apps via a DevSecOps approach.

DevSecOps

Related Videos

DevSecOps: A process of methods and mentality

Target’s Jodie Kautt on the benefit of innovation beyond the enterprise

The hard lessons of DevOps and security

GitHub, NPM registry abused to host SSH key-stealing malware

Android, Java apps susceptible to novel MavenGate software supply chain attack technique

Supply chain attacks possible with TensorFlow CI/CD misconfigurations

NPM registry users download 2.1B deprecated packages weekly, researchers say

GitHub flaw prompts key rotation

GitLab vulnerability risks account takeover via simple password reset

Cloud 2024: SaaS nightmares, API security boom and the impending cloud ‘identity crisis’

Five ways to develop better, safer apps