For development teams that are still struggling to dig out from the mess caused by the hack of CircleCI in December, recent days brought some good news.

Cybersecurity firm Kaspersky recently published an analysis that detailed how a North Korean threat actor, which it called the BlueNoroff group, is stealing cryptocurrency by bypassing the “Mark of the Web” flag security feature within the Windows operating system.

Slack suffered a security breach recently, “involving unauthorized access to a subset of Slack’s code repositories” according to the messaging platform.

Earlier this month, ReversingLabs published a report on the current state of software supply chain security.

A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem.

Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK) from the cybersecurity firm SentinelOne.