Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

Endor Labs

malicious package
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software …

development vs. security
Development vs. security: The friction threatening your code

Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s …

open source
What open source means for cybersecurity

With outdated and inadequately maintained components, along with insecure dependencies, the open-source ecosystem presents numerous risks that could expose organizations to …

Karl Mattson
Tackling software vulnerabilities with smarter developer strategies

In this Help Net Security interview, Karl Mattson, CISO at Endor Labs, discusses strategies for enhancing secure software development. Mattson covers how developers can …

Henrik Plate
Detecting vulnerable code in software dependencies is more complex than it seems

In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within …

open source
Trends and dangers in open-source software dependencies

A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are …

Infosec products of the month
Infosec products of the month: August 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Adaptive Shield, AppOmni, ArmorCode, Bitwarden, Cequence Security, ClearSale, …

Infosec products of the week
New infosec products of the week: August 9, 2024

Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, …

HNS
Endor Labs launches Upgrade Impact Analysis and Magic Patches for SCA market

Endor Labs unveiled two capabilities, Upgrade Impact Analysis and Endor Magic Patches, that fix an expensive and time-consuming problem in the Software Composition Analysis …

shadow egineering
Shadow engineering exposed: Addressing the risks of unauthorized engineering practices

Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges. In this Help Net Security video, Darren Meyer, Staff …

open source
New open-source project takeover attacks spotted, stymied

The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils …

supply chain
Integrating software supply chain security in DevSecOps CI/CD pipelines

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines (SP 800-204D). In this Help Net Security video, Henrik Plate, …

Featured news

Resources

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools