Malicious NPM Package Use in Supply chain attacks
Researchers have discovered a supply chain attack that uses packages hosted on the Node Package Manager, the manager for the Node.js JavaScript platform. The attack involves more than two dozen…
SOCKET: OSS Prevention Tool
A group of software package maintainers has created a tool for defending applications that depend on open-source JavaScript libraries dubbed Socket, the tool uses a proactive defense against open-source software…
Supply Chain Attack Using NPM
A supply chain attack in a popular JavaScript developer module has been taken place due to Russian invasion on Ukraine. This has been started on March 8 with developer Brandon…
PaloAlto Supply Chain Security Protection
Palo Alto Networks announced a new security offering to combat supply chain threats. This Cloud Supply Chain Security offering provides a complete view of where potential vulnerabilities or misconfigurations exist…
Posted inSecurity
WordPress AccessPress Theme Backdoored
Security researchers that the popular WordPress plugin and theme AccessPress were compromised, and their software replaced with backdoored versions. The compromise appears to have taken place in September of last…
Critical Vulnerability in SAP NetWeaver lead to Supply Chain Attack
A critical vulnerability patched recently in SAP NetWeaver in ABAP Platform could be abused to set up supply chain attacks. Dubbed as an improper authorization issue, the security error allows…
Apache Worried On End-Of-Life Softwares
The Apache Software Foundation has warned that its efforts to rapid response to security vulnerabilities are being undermined by organizations running EOL versions of Apache software. The warning came as…
Network Virtualization Could Lead to Privilege Escalation in AWS
A vulnerability in a library created by network virtualization firm Eltima and used by a variety of vendors, including Amazon has left more than a dozen cloud services vulnerable to…