January 17, 2023

The CircleCI hack is a red flag for security teams on software supply chain risk

Security teams should consider consider software supply chain risk through a new lens after the latest CircleCI incident.
January 11, 2023

If you don't love me now: JsonWebToken breaks the software supply chain (again)

The JsonWebToken library has a serious flaw — providing yet another example of the risks in uncontrolled software supply chains.
January 4, 2023

PyTorch supply chain attack: Dependency confusion burns DevOps

The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI. Here's the craic.
January 4, 2023

10 software supply chain attacks you can learn from

Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks. 
December 19, 2022

SentinelSneak: Malicious PyPI module poses as security SDK

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
December 14, 2022

Ahoy! More insecure code washes ashore with AlphaCode

Here comes AlphaCode: Another AI code-generating parlor trick spitting out vulnerabilities. Is your software security team ready for the onslaught?