June 28, 2024 at 05:48AM The polyfill.io domain was suspended due to reports of malicious activity, with the Chinese owner claiming defamation. The domain was used to host polyfills, but reports of potential supply chain risks surfaced. Industry players like Google and Cloudflare took action, redirecting links and warning users. Funnull, the Chinese content delivery … Read more
February 27, 2024 at 03:27PM The US government is urging software manufacturers to release timely, comprehensive documentation of security vulnerabilities to enhance efforts in measuring code quality and safety. The White House emphasizes the need for long-term investment incentives and the adoption of memory-safe programming languages to improve cybersecurity across the digital ecosystem. This industry-wide … Read more
November 14, 2023 at 06:57AM Dependabot, a tool that automates checking and updating outdated dependencies in software projects, has revolutionized software maintenance tasks. However, security firm Checkmarx has warned of malicious actors impersonating Dependabot to deceive developers into accepting unauthorized changes. This incident highlights the vulnerabilities in CI/CD pipelines, which connect external tools and platforms … Read more