Slack suffered a security breach recently, “involving unauthorized access to a subset of Slack’s code repositories” according to the messaging platform.

Earlier this month, ReversingLabs published a report on the current state of software supply chain security.

A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem.

Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK) from the cybersecurity firm SentinelOne.

The findings come as ReversingLabs' report found that the PyPI repository has witnessed a nearly 60% decrease in malicious package uploads in 2022

The coming new year is a good moment for chief information security officers to reflect upon what they've learned this year and how to apply this knowledge going forward.