Discover the intriguing NPM flooding case-study "Down the Rabbit Hole looking for a Tea" by José Antonio Garcel Díaz, revealing hidden anomalies and security insights. Read the full article now! ...
Discover how to identify and defend against all types of software dependency attacks....
Understand the differences between typosquatting and copycat packages, both tactics used to deceive users into downloading malicious software....
Discover the insidious world of malicious code: from backdoors to ransomware. Learn how to safeguard your digital assets with advanced cybersecurity measures. Spotlighted in 'Software Supply Chain Security Deep-Dive,' we redefine cybersecurity with innovative solutions and real-time protection. ...
Delve into the Ledger Attack, a spear-phishing SSC incident dissected by Xygeni's expert Luis Manuel Rodriguez Berzosa, revealing lessons in security, impact assessment, and incident response. ...
Uncover malicious NPM packages and fortify your software supply chain with Xygeni's Early Warning Service. 10 malicious NPM packages were discovered and a new threat vector, djs13-fetcher, was identified. Learn how to protect your business from these threats. ...
Uncover the risk of supply chain attacks on telecoms, safeguard data, and embrace Software Bill of Materials (SBOM) for supply chain security....
IntroductionOrca Security has recently identified a design flaw in Google Cloud Build service, named "Bad.Build." This flaw poses a serious security risk as it enables attackers to execute Privilege Escalation, granting them unauthorized entry into Google's Artifact Registry's code repositories.The consequences of this vulnerability extend...
Software Supply Chain Attacks Analysis 3CX is a well-known company providing VoIP and Unified Communications products. They claim to have over 600,000 installations and 12M daily users. Undoubtedly a tempting target for bad actors. By the end of March, 3CX suffered the 3CX Supply Chain Attack a...
Code tampering refers to the unauthorised modification or alteration of source code during software application development, testing, or deployment. This malicious activity can have devastating consequences, from introducing security vulnerabilities to altering the intended behaviour of the software, causing it to fail in unexpected ways. Code tampering...
Software technology evolved, and hackers evolved with it. The arms-race with bad actors was mostly restricted to vulnerabilities and attacks directed at the deployed software. Attacking the software supply chain, albeit not unseen, was not the primary target for the bad guys...
