World’s Largest Supply Chain Cyber Attack… And just 5 Cents Stolen?
You probably saw the headlines: the world’s largest npm supply chain attack, chalk and debug-js packages with BILLIONS of downloads...
open source
Audacity’s new “Privacy Notice” has left many concerned
Free and open-source digital audio manipulation project Audacity has recently issued an updated privacy notice leaving many Audacity users concerned....
Google releases Fully Homomorphic Encryption toolkit on GitHub
This week Google has open-sourced its Fully Homomorphic Encryption (FHE) toolkit on GitHub. The toolkit includes open-source libraries enabling developers...
Codecov hack aftermath: hundreds breached, many more to follow
On April 1st software testing firm, Codecov became aware of a security incident. The company learned, that for over two...
Where did these mysterious PrismJS npm versions come from?
In 2015, strange 9000.0.x versions of PrismJS appeared on npm downloads, and nobody had a clue where they came from,...
Git remote code execution vulnerability patched, upgrade now
The Git project has released patches for a severe remote code execution (RCE) vulnerability, CVE-2021-21300. The flaw can be exploited...
WooCommerce fixes critical Upload Files vulnerability
Developers have fixed a critical vulnerability in the WooCommerce Upload Files plugin. WooCommerce is an open-source e-commerce platform used by...
Grayhat pollutes npm, PyPI with thousands of fake supply chain dependencies
A gray hat hacker has published over 7,000 dependency confusion packages to npm and PyPI repositories and continues to do...
Source code used by Central Banks and Stock Exchanges leaked online
This week, the source code of CMA, a software provider relied on by leading central banks across nations and stock...
‘CursedGrabber’ Discord malware possibly linked to Russian and Ukrainian hackers
A new family of Discord malware has been spotted by Sonatype this week. Known as CursedGrabber, multiple strands of this...