SEARCH
Archive
Supply Chain Attack Hits Passwordstate Password Manager
An attacker was able to compromise the update mechanism for the Click Studios Passwordstate password manager and insert a malicious DLL that harvested victims' usernames and passwords.
Popular Codecov Bash Uploader Tool Compromised
The Codecov Bash Uploader tool, used widely in ,any development environments, was compromised in January, potentially causing serious downstream problems.
Keeping Dependencies Straight in the Software Supply Chain
The nature of modern software development is that development teams have to rely on "blind trust" for some of the code components written by someone else. A new attack method showed how build systems could be tricked into pulling code from the wrong projects.
Cybercriminals Target Vaccine Supply Chain
Over the last year, cybercriminals adjusted their attack tactics with new developments with the COVID-19 pandemic. With attention now on developing and distributing the vaccine for the novel coronavirus, attackers have shifted their focus to target the vaccine supply chain.
Malware Infects NetBeans Projects In Software Supply Chain Attack
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new supply chain attack targeting NetBeans projects, GitHub Security Lab said.