Vet: Open-Source Software Supply Chain Security Tool - Help Net Security
5 Articles
Vet: Open-source software supply chain security tool - Help Net Security
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including npm, PyPI, Maven, Go, Docker, and GitHub Actions, making it useful across many types of projects. One of Vet’s key features is its use of real-time malicious p…
New PyPI Supply Chain Attacks Target Python And NPM Users On Windows And Linux - Cybernoz - Cybersecurity News
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosyst…
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosyst…
The Importance and Current State of Software Supply Chain Security
Software supply chain security has gained worldwide attention in recent years. This is a concept that encompasses the entire process by which software products are designed, developed, and distributed, along with all elements involved in that process. Following the SolarWinds hacking incident in late 2020, countries began to focus on software supply chain security. SolarWinds is an IT solutions and software provider with many Fortune 1000 compan…