Two different attackers poisoned popular open source tools - and showed us the future of ...

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
Bleeping Computer

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two ...
The Next Web

Hackers breached the European Commission by poisoning the security tool it used to protect ...

CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...
SDxCentral

Cisco source code breach leaks AI projects and AWS credentials

While Cisco breaches often center around hardware and legacy vulnerabilities, a 2024 attack saw an actor download certain ...