Dark Reading

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects — thus ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
VentureBeat

GitLab acquires software chat startup Gitter, will open-source the code

GitLab, a startup that provides open source and premium source code repository software that people use to collaborate on software, is announcing today that it has acquired Gitter, a startup that ...
Guru3D

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security ...
VentureBeat

Atlassian Bitbucket now lets you deploy code to AWS, Microsoft Azure, DigitalOcean

Atlassian, an Australian software company preparing to go public on the NASDAQ, is announcing today that developers can now deploy code from Atlassian’s Bitbucket source code repository software onto ...
CSOonline

NIST provides solid guidance on software supply chain security in DevSecOps

Key recommendations from the NIST’s latest guidance and why they are relevant to modern organizations developing and delivering software. Software supply chain (SSC) attacks continue to be one of the ...