Fake VS Code Extension on npm Spreads Multi-Stage Malware
Learn about a fake VS Code extension on npm, truffelvscode, which typosquats the popular Truffle for VS Code extension.
CVE-2024-50379: A Critical Race Condition in Apache Tomcat
An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.
The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security
This post covers the attack flow, how it happened, and the importance of supply chain security.
More than 100K sites impacted by Polyfill supply chain attack
The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.
Over 100 Malicious Packages Target Popular ML PyPI Libraries
Discover the latest security threat as over 100 malicious packages target popular ML PyPI libraries. Learn about the attack methods.
What New Security Threats Arise from The Boom in AI and LLMs?
Explore the security threats arising from the boom in AI and LLMs, including data privacy, misinformation, and resource exhaustion.
What Role Should Dependency Management Play as the Regulation of the Software Supply Chain Escalates?
Discover the importance of dependency management in securing the software supply chain as regulations escalate.
8 Considerations for Thwarting Malicious Packages
Learn how to protect your code from malicious packages with these eight considerations. Stay ahead of supply chain security threats.
What You Can Do to Stop Software Supply Chain Attacks
Learn how to stop software supply chain attacks with SBOMs, best practices, and prioritizing known vulnerabilities. Protect your software.
There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected
Discover the latest threat in town - a new info-stealer variant using Electron to remain undetected. Learn about its attack flow.
What Risks Do You Run from Brandjacking, and How Do You Overcome Them?
Learn about the risks of brandjacking & how to overcome them with application security tools & practices. Protect your org from cyber threats.
What Cybersecurity Risks Does Typosquatting Pose, and How Can You Beat Them?
Find out what typosquatting is, why it is such a threat, and what you can do to stop it.
How Does SLSA Help Strengthen Software Supply Chain Security?
Learn how SLSA enhances software supply chain security with levels of protection. Understand the risks, benefits, and best practices.
Understanding the Anatomy of a Malicious Package Attack
Learn to protect your applications from malicious packages with our guide. Understand the anatomy of attacks and how to prevent them.
What’s Driving the Adoption of SBOMs? What’s Next for Them?
Discover what's driving the adoption of SBOMs and what's next for them in terms of malicious packages and supply chain security.
The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name
Mend.io research discovered a threat actor takeover of the name 'gemnasium-gitlab-service', a retired Ruby gem with two million+ downloads.