July 21, 2021

Groundhog day: NPM package caught stealing browser passwords

Today almost everyone knows that they need to protect their publicly exposed services and applications against the potential attacks from the outside
July 7, 2021

Third-party code comes with some baggage

Recognize risks introduced by statically linked third-party libraries.
May 7, 2021

It only takes one line of code to ruin your day

Much like SolarWinds before it, this incident shows we need to take a more critical look at the software we are using and trusting to be good.
January 11, 2021

A CISO’s guide to protecting against modern software threats

How to Rebuild Trust in the SDLC and 3rd Party Software Supply Chain
December 16, 2020

SunBurst: The next level of stealth

SolarWinds compromise exploited through sophistication and patience
April 16, 2020

Mining for malicious Ruby gems

Typosquatting barrage on RubyGems software repository users