GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.
The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit appeared first on SecurityWeek.
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them.
The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.
SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency.
The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek.
CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment.
The post CISA Requests Public Feedback on Updated SBOM Guidance appeared first on SecurityWeek.
CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
The post Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) appeared first on SecurityWeek.
Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
The post CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event) appeared first on SecurityWeek.
Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appeared first on SecurityWeek.
Base44 owner Wix quickly patched a critical authentication bypass vulnerability discovered by researchers at Wiz.
The post Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications appeared first on SecurityWeek.
