Microsoft overhauls security for publishing Edge extensions

September 30, 2024 at 05:51PM Microsoft has introduced an updated version of the “Publish API for Edge extension developers,” increasing security for developer accounts and extension updates. As part of its Secure Future Initiative, the company is enhancing security by generating dynamic API keys, storing them as hashes, and expiring keys more frequently. The new …

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team

August 20, 2024 at 07:18AM CISOs are facing challenges in justifying cybersecurity ROI, influencing a security-first mindset, and addressing a complex threat landscape. The need for a new approach is evident to uplift security culture and bridge the gap between developers. DevSecOps and continuous skills development are necessary to achieve next-level secure development and effective security programs. …

Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

April 10, 2024 at 09:15AM Threat actors are leveraging GitHub’s search feature to dupe users into downloading malicious code by creating fake repositories with popular names. The attackers manipulate search rankings and use fake stars to deceive users. Researchers warn of the ongoing threat to the open-source ecosystem and emphasize the need for caution when …

Snyk Acquires Helios for Runtime Visibility

January 17, 2024 at 07:36AM Snyk, a developer-focused security company, has acquired Helios, a startup specializing in runtime application troubleshooting. This acquisition will enhance Snyk’s “cloud-to-code risk visibility” by combining Helios’ runtime data collection with the Snyk Developer Security Platform. The integration will provide Snyk customers with improved asset discovery, issue identification, and risk prioritization. …

Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

November 8, 2023 at 08:27AM A set of malicious Python packages, disguised as obfuscation tools, has been discovered on the Python Package Index (PyPI) repository. The packages contain malware called BlazeStealer, which allows attackers to gain control over compromised systems. The campaign began in January 2023 and includes eight packages. The malware can steal …