US Government Issues Guidance on SBOM Consumption

November 10, 2023 at 07:00AM The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of …

Supply Chain Startup Chainguard Scores $61 Million Series B

November 1, 2023 at 11:46AM Chainguard, a supply chain security startup founded by former Google engineers, has secured $61 million in Series B financing led by Spark Capital. This brings their total venture capital investments to $116 million. Their flagship product, Chainguard Images, has gained traction among Fortune 500 companies and technology providers. Chainguard aims …

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

October 31, 2023 at 08:18AM Malicious packages have been discovered on the NuGet package manager, deployed using a lesser-known method. The campaign, ongoing since August 2023, involves rogue packages delivering the SeroXen RAT remote access trojan. The threat actors behind the campaign are persistent, continuously publishing new malicious packages. The packages imitate popular ones and …

Steam enforces SMS verification to curb malware-ridden updates

October 15, 2023 at 01:53PM Valve is implementing additional security measures on Steam to address the recent outbreak of malware being pushed from compromised publisher accounts. Starting October 24, game developers will be required to pass an SMS-based security check before pushing updates, and the same requirement will be enforced for adding new users to …