Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Users of the PS Gallery repository are advised to adopt policies that allow execution of only signed scripts
Read More...Users of the PS Gallery repository are advised to adopt policies that allow execution of only signed scripts
Read More...It is possible to take over retired organizations or user names and publish trojanized versions of repositories to run malicious code
Read More...A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack
Read More...The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3
Read More...Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents
Read More...An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk
Read More...Developers will find helpful guidance from NSA and partners on developing secure code, verifying third party components, hardening the built environment, and delivering the code. Until all DevOps is DevSecOps, the software development lifecycle will be at risk
Read More...