Cloud Security
GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.
Hi, what are you looking for?
SecurityWeek
Supply Chain Security
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
Supply Chain Security
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
Malware & Threats
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload...
Funding/M&A
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.
Supply Chain Security
Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues. (Login Now)
Artificial Intelligence
SecurityWeek talks to hundreds of industry experts from dozens of companies covering seven primary topics.
Identity & Access
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
Government
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
Artificial Intelligence
Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.
Supply Chain Security
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
Malware & Threats
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
Application Security
Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage.
Government
The US government's cybersecurity agency describes UEFI as "critical attack surface" that requires urgent security attention.
Funding/M&A
Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.
Funding/M&A
San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category.
Supply Chain Security
Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development.
Funding/M&A
Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space.
Malware & Threats
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
Cloud Security
Artificial Intelligence
Malware & Threats
CISO Conversations
Data Breaches
Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.
Application Security
