Japan Blames North Korea for PyPI Supply Chain Cyberattack

March 10, 2024 at 08:02PM Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general-purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in …

CISA and OpenSSF Release Framework for Package Repository Security

February 12, 2024 at 06:27AM The U.S. CISA and OpenSSF are collaborating to establish the Principles for Package Repository Security, a framework aiming to enhance security in open-source software ecosystems. It outlines four security maturity levels and emphasizes the importance of continual security improvements. This development addresses growing security concerns related to open-source software in …