Securing open-source code supply chains may help prevent the next big cyberattack

The headline-making supply chain attack on SolarWinds late last year sent a shock wave through the security community and had many CISOs and security leaders asking: “Is my …

Popular npm package hijacked, modified to deliver cryptominers

Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …

Open source cyberattacks increasing by 650%, popular projects more vulnerable

Sonatype released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report …

Saltworks collaborates with Bit Discovery to provide ASM capabilities to application security teams

Saltworks announced a partnership with attack surface management (ASM) provider Bit Discovery to integrate advanced ASM capabilities into SaltMiner, Saltworks’ enterprise …

OpenSSF adds new members from around the globe to improve OSS security

OpenSSF announced new membership commitments to advance open source security education and best practices. New members include Accurics, Anchore, Bloomberg Finance, Cisco …

36% of organizations suffered a serious cloud security data leak or a breach in the past year

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks—and the costs of addressing them—are increasing. The …

Siren partners with SECTION6 to strengthen its presence in the APAC region

Siren announced a new partnership agreement with Auckland-based SECTION6, a consultancy which specialises in optimising the delivery and operation of critical IT solutions …

TCG’s security guide verifies the trustworthiness of each end point

IT administrators and manufacturers can now secure enterprise computing, with the latest specification from the Trusted Computing Group (TCG). This new guide verifies the …

Saltworks partners with Secure Code Warrior on secure coding for DevOps

Saltworks announced a partnership with Secure Code Warrior to elevate the importance and accessibility of secure code education and skills development. By helping developers …

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack

Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. …

Surge in cyber attacks targeting open source software projects

There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. Rise of next-gen …

Happy developers more likely to build secure apps

There’s an intrinsic link between developer happiness and application security hygiene, and an alarming level of application breaches, according to Sonatype. For the …
