GitHub Token Leak Exposes Python’s Core Repositories to Potential Attacks

July 15, 2024 at 01:06PM Cybersecurity researchers found a leaked GitHub token that could have enabled elevated access to Python repositories. JFrog discovered the token in a public Docker container and immediately revoked it after disclosure. Checkmarx also uncovered malicious packages on PyPI designed to extract sensitive information to a Telegram bot. No evidence shows …

Checkmarx Application Security Posture Management and Cloud Insights Offer Enterprises Code-to-Cloud Visibility

June 11, 2024 at 05:39PM Checkmarx, a leading cloud-native application security provider, has launched Checkmarx Application Security Posture Management (ASPM) and Cloud Insights to offer unparalleled visibility into organizations’ application security posture from code to cloud. These new solutions empower enterprises to reduce application and business risk and prioritize remediation efforts effectively. For more information, …

A common goal for European cyber security

February 21, 2024 at 03:30AM The European Union introduced the original Network and Information Security (NIS) Directive in 2016 in response to growing cybersecurity threats. The upcoming NIS2 directive, effective in October 2024, expands security requirements for over 160,000 companies, with non-compliance fines reaching €10 million. Organizations are urged to prepare for increased obligations and …

‘BlazeStealer’ Python Malware Allows Complete Takeover of Developer Machines

November 9, 2023 at 06:16PM Malicious Python packages masquerading as code obfuscation tools are targeting developers through the PyPI code repository. Known as “BlazeStealer,” the malware can steal data, launch keyloggers, encrypt files, and execute commands. Hackers target developers engaged in code obfuscation due to the valuable and sensitive information they work with. BlazeStealer is …

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

October 12, 2023 at 09:57AM A malicious package named Pathoschild.Stardew.Mod.Build.Config has been found on the NuGet package manager. It delivers a remote access trojan called SeroXen RAT. The package is a typosquat of a legitimate package and has artificially inflated its download count to over 100,000. The profile behind the package has published six other …