Open Source Package Entry Points May Lead to Supply Chain Attacks

October 15, 2024 at 06:06AM

Entry points in open-source packages across various programming languages are vulnerable to exploitation, posing risks for supply chain attacks. This highlights the need for enhanced security measures to protect against such vulnerabilities. The article is based on a post from SecurityWeek. **Meeting Takeaways:** 1. **Vulnerability Highlighted**: Entry points in software …

15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

December 5, 2023 at 05:48AM

Over 15,000 Go module repositories on GitHub are susceptible to “repojacking,” with vulnerabilities due to username changes and account deletions. This exploit allows attackers to hijack supply chains by duplicating and publishing malicious modules. GitHub’s countermeasure is ineffective for Go modules, with a call for action from Go or …