Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Users of the PS Gallery repository are advised to adopt policies that allow execution of only signed scripts
Read More...
Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack
It is possible to take over retired organizations or user names and publish trojanized versions of repositories to run malicious code
Read More...
3CX Desktop App found to be trojanized in a Supply Chain Attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack
Read More...
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3
Read More...
Microsoft-signed malicious Windows drivers used in ransomware attacks
Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents
Read More...
Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk
Read More...
NSA and CISA share tips to secure the software supply chain
Developers will find helpful guidance from NSA and partners on developing secure code, verifying third party components, hardening the built environment, and delivering the code. Until all DevOps is DevSecOps, the software development lifecycle will be at risk
Read More...