Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

11 minute read time

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More...

Octopus Scanner compromises 26 OSS projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity

4 minute read time

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Octopus Scanner compromises 26 OSS projects on GitHub

Secure your software supply chain

Subscribe for all the latest software security news and events