A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security ...
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects — thus ...
GitLab, a startup that provides open source and premium source code repository software that people use to collaborate on software, is announcing today that it has acquired Gitter, a startup that ...
Atlassian, an Australian software company preparing to go public on the NASDAQ, is announcing today that developers can now deploy code from Atlassian’s Bitbucket source code repository software onto ...
A cybersecurity company trusted to protect some of the largest networks in the country has itself been breached. Trellix, the endpoint detection and response (EDR) vendor born from the merger of ...
Key recommendations from NIST's latest guidance and why they are relevant to modern organizations developing and delivering software. Software supply chain (SSC) attacks continue to be one of the ...