DefectDojo Raises $7 Million for Application Security Platform

September 25, 2024 at 10:42AM DefectDojo, an application security firm based in Austin, Texas, raised $7 million in Series A funding. The company’s open source platform automates security workflows, aggregates data from various tools, and offers vulnerability management capabilities. The funds will support innovation, product development, and market expansion while maintaining a commitment to its …

Security Concerns Plague Emerging Chip Architecture

September 25, 2024 at 08:40AM RISC-V, an open and free instruction set for customizable silicon chips, is gaining interest in automotive, critical infrastructure, and industrial sectors. However, its susceptibility to backdoors poses security concerns. The Xuantie C910 chip’s vulnerability, Ghostwrite, allows unauthorized access to privileged memory, highlighting the potential risks associated with RISC-V chip designs. …

Citrine Sleet Poisons PyPI Packages with Mac & Linux Malware

September 20, 2024 at 04:21PM The North Korean threat group Gleaming Pisces is suspected of covertly embedding remote access malware into open source Python packages for macOS and Linux, targeting developers. The malware, named PondRAT, executes malicious code to download a trojan. The group’s focus on non-Windows systems reflects its audience: developers. Vigilance against phishing attacks …

Coalition for Secure AI Promotes Safe, Ethical AI Development

September 19, 2024 at 07:38AM The Coalition for Secure AI is an open-source initiative dedicated to creating secure-by-design AI technologies. Cyware, a threat intelligence management vendor, has recently become a member, joining founding members Google and others. Three work streams have been established, focusing on software supply chain security, cybersecurity preparation, and AI risk governance, …

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

September 12, 2024 at 01:12AM WordPress.org is set to make two-factor authentication mandatory for accounts with the ability to update plugins and themes, aiming to enhance security and prevent unauthorized access. In addition to 2FA, the platform is introducing SVN passwords to further secure code commit access. These measures are a response to ongoing security …

FreeBSD Gets €686,400 to Boost Security Features

September 7, 2024 at 12:02PM The FreeBSD Foundation secured a €686,400 investment from Germany’s Sovereign Tech Fund (STF), focused on security feature enhancements and improvements extending into 2025. Supported by the German Federal Ministry, STF actively funds open source projects vital to global digital infrastructure, with recent investments concentrated on security upgrades and technical debt reduction. …

Docker-OSX image used for security research hit by Apple DMCA takedown

September 1, 2024 at 09:08AM The popular open-source project Docker-OSX, which allows virtualization of macOS on non-Apple hardware, has been removed from Docker Hub due to a DMCA takedown request from Apple citing copyright violation. Although still available on GitHub without installer binaries, the case highlights legal challenges for open-source projects dealing with proprietary software and …

GitHub Makes Copilot Autofix Generally Available

August 15, 2024 at 05:09AM GitHub has launched Copilot Autofix, an AI-powered vulnerability remediation feature. It offers fix suggestions for various security defects, helping developers address bugs in their code faster. During the public beta, developers were found to fix vulnerabilities more than three times faster than when fixing them manually. It will be available …

GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

August 14, 2024 at 01:31PM Researchers discovered an attack exploiting GitHub Actions artifacts, affecting open source projects of major companies like Google, Microsoft, and Amazon. This could have compromised millions of consumers, leaking tokens and allowing malicious actors to push code to production. The findings underscore the need for a holistic security approach and reevaluation …

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads

July 25, 2024 at 12:45PM Chainguard, a software supply chain security startup, raised $140 million in a new financing round, reaching a valuation in excess of $1 billion. The company, founded by ex-Google engineers, has raised a total of $256 million since its launch in late 2021. The funding will be used to expand into …