#software-supply-chain-security

from Nextgov.com
2 weeks ago

The cyberwarfare landscape is changing - here's how to prepare

Even incidents like the Colonial Pipeline ransomware attack, which showed us how the cyber world and our physical lives intersect, stopped far short of societal disruption. However, the threat of cyberwar has been building, influenced by advancements in AI and increased presence of actors in U.S. systems and telecommunication networks. A military conflict could escalate these attacks to scale, crippling critical infrastructure and public safety systems like power grids, transportation networks and emergency response, even disrupting military communications and undermining response.
Information security
from ZDNET
2 weeks ago

Did maintainers abandon your critical open-source tool? This rescue plan offers a lifeline

EmeritOSS provides stability-focused maintenance and security patches for mature, unmaintained open-source projects like Kaniko, Kubeapps, and Ingress-NGINX.
from Techzine Global
1 month ago

The rise (and fall?) of shadow AI

As software application development teams now start to embrace an increasing number of automation tools to provide AI-driven (or at least AI-assisted) coding functions in their codebases, a Newtonian equal and opposite reaction is also surfacing in the shape of governance controls and guardrails to keep AI injections in check as these technologies now surface in the software supply chain.
Information security
from WIRED
2 months ago

'Happy Gilmore' Producer Buys Spyware Maker NSO Group

North Korean operatives are posing as architecture professionals using fake profiles, résumés, and Social Security numbers to infiltrate US companies.
Software development
from InfoQ
3 months ago

The Hidden Vulnerability of The Open Source Software Supply Chain: The Underlying Infrastructure

Brian Fox, Sonatype CTO and open source leader, guided Maven governance, OpenSSF/FINOS efforts, and advised governments on cyber resiliency including the EU Cyber Resilience Act.
Python
from The Hacker News
7 months ago

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

A malicious PyPI package named discordpydebug disguises itself as a Discord utility while incorporating a remote access trojan.