GitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user.
The post GitLab Ships Update for Critical Pipeline Execution Vulnerability appeared first on SecurityWeek.
Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity
Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions.
The post Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity appeared first on SecurityWeek.
Polyfill Supply Chain Attack Hits Over 100k Websites
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.
The post Polyfill Supply Chain Attack Hits Over 100k Websites appeared first on SecurityWeek.
Several Plugins Compromised in WordPress Supply Chain Attack
Five WordPress plugins were injected with malicious code that creates a new administrative account.
The post Several Plugins Compromised in WordPress Supply Chain Attack appeared first on SecurityWeek.
Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report
Attackers are getting more sophisticated, better armed, and faster. Nothing in Rapid7’s 2024 Attack Intelligence Report suggests that this will change.
The post Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report appeared first on SecurityWeek.
XZ Utils Backdoor Attack Brings Another Similar Incident to Light
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
The post XZ Utils Backdoor Attack Brings Another Similar Incident to Light appeared first on SecurityWeek.
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on SecurityWeek.
Malware Upload Attack Hits PyPI Repository
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign.
The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek.
Binarly Attracts $10.5M to Tackle Software Supply Chain Security
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.
The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek.
Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024
Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues
The post Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 appeared first on SecurityWeek.
