Communications of the ACM

Fifty Years of Open Source Software Supply-Chain Security

An open source software supply-chain vulnerability is an exploitable weakness in trusted software caused by a third-party, ...
Developer Tech

XZ attack reveals unlearned open-source security lessons

The XZ attack is a backdoor that reminds us our biggest open-source security threats are from decades of unlearned lessons.
Security Boulevard

The New Perimeter is Your Supply Chain

Alan examines why the software supply chain has become the new perimeter in cloud-native security. From SBOMs to SLSA and Sigstore, discover how leaders can defend against attacks that target ...
Redmondmag.com

How Generative AI Is Changing the Cybersecurity Battlefield

AI is reshaping offensive security tactics and challenging defenders to respond at unprecedented speed. When: Nov. 20, 1:00-2 ...
Security Boulevard

“Shai-Hulud” npm Attack: What You Need to Know

Inspect your GitHub account for a repository named “Shai-Hulud.” The malware automatically creates this repo to store exfiltrated secrets. If it exists, remove it immediately, and carefully review its ...
Computer Weekly

Are AI agents a blessing or a curse for cyber security?

Agentic AI is touted as a helpful tool for managing tasks, and cyber criminals are already taking advantage. Should information security teams look to AI agents to keep up?