software supply chain attacks
‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought
Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ...
Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack
The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, ...
WordPress Plugin Supply Chain Attack Gets Worse
30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ...
GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...
PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Threat Groups Rush to Exploit JetBrains’ TeamCity CI/CD Security Flaws
The cyberthreats to users of JetBrains’ TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that ...
Russian Hackers Access Source Code in Ongoing Attack on Microsoft
The Russian state-sponsored bad actors who hacked into the corporate email accounts of executives at Microsoft are taking another run at the IT giant, this time using information stolen then to access ...
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
GitLab Security Patches: Safeguarding Your Data
GitLab recently released critical security upgrades in order to improve the security of its widely used open-source code repository and DevOps collaborative software development platform. These GitLab security patches are intended to ...
Fortinet Discreetly Patches CVE-2023-27997, a Known Exploited Vulnerability
According to Fortinet, 110 vulnerabilities affecting Fortinet software were announced since the beginning of 2023. On June 8th, security fixes were released in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5 ...
