What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
Read More about Package names repurposed to push malware on PyPI
Matt Rose presents at RSAC 2023 on the mismatch between traditional app sec tools like SCA and modern supply chain threats. Here are highlights from his talk.
Read More about What traditional app sec tools miss: The monsters in your software supply chain
The surprising story of the hack of VoIP provider 3CX got even crazier this week. Here's what you need to know.
Read More about The 3CX attack gets wilder, marks first 'cascading supply chain compromise'
In a new ReversingLabs Software Supply Chain Risk Survey, IT pros say supply chain security poses an “enterprise-wide” risk that traditional app sec tools can't address.
Read More about Companies scramble to cover software supply chain security gaps: 3 key survey takeaways
One software supply chain attack caused another, making it a first for the industry. Also: Malware spreads via apps in the Google Play Store.
Read More about The Week in Security: 3CX attack caused by earlier supply chain hack, malware in Google Play
Software supply chain security is taking center-stage at RSAC 2023. Here are the talks you don't want to miss.
Read More about What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks
Secrets are increasingly exposed during software development, creating a field-day for malicious actors. Here are key takeaways from our special report series, Secrets Exposed.
Read More about Secrets security: The why, the how – and what to do about it
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
Read More about EU cyber laws ‘will’ make FOSS devs liable
There is so much to take in at RSAC. Cut through the noise with our list of threat-focused talks you don't want to miss.
Read More about What’s hot at RSA Conference 2023: 6 must-see malware analysis and threat hunting talks
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
Read More about OSC&R embraces GitHub: Will it move the needle on supply chain security?
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Read More about The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.
Read More about Has public USB ‘juice jacking’ made it into the wild?
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
Read More about Why 'shift left' is now a dirty term in some security circles
Experts break down the incident, and explain how app sec tools are evolving to detect and prevent such attacks.
Read More about What went wrong with the 3CX software supply chain attack — and how it could have been prevented
Research connects the rise of AI tools and an increase in social engineering attacks. Also: A stolen credentials site is seized.
Read More about The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized