DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
Business Wire

Lineaje Redefines Software Supply Chain Security with Agentic AI-Driven Risk Elimination, Gold Open Source and SCA360

SARATOGA, Calif.--(BUSINESS WIRE)--Lineaje, the full-lifecycle software supply chain security company, today launched end-to-end capabilities that will fundamentally transform how organizations ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
Forbes

Security Of Enterprise Code: What Companies Using Open-Source Software Should Know About Binary Code Verification

Nowadays, there is a universe of open-source projects consisting of code, libraries and binaries from different sources. The open-source code and binaries are freely available from public repositories ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...
CSOonline

How CISOs can tackle the pernicious problem of poisoned packages

Primary code repositories are a godsend for software developers but offer easy access for threat actors to deliver malware. Experts say CISOs should scan for threats and be aware of the dangers. Since ...
TechCrunch

DeepSeek to open source parts of online services code

Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week. DeepSeek will open source five code repositories that have been ...