‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 at 03:39AM

CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, was found to have left thousands of packages exposed to takeover for nearly a decade. Security researchers from EVA Information Security identified multiple vulnerabilities, including supply chain attack opportunities and potential remote code execution. The CocoaPods team has …

Threat Actors Manipulate GitHub Search to Deliver Malware

April 12, 2024 at 07:36AM

GitHub search results are being manipulated by threat actors to infect developers with persistent malware, Checkmarx warns. Attackers create malicious repositories with popular names and boost their search rankings using automated updates and fake stars. Unsuspecting users are lured to these repositories, unaware of the hidden dangers. Checkmarx stresses the …