Microsoft-owned GitHub warns that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.
SolarWinds describes a new triple build model designed to ensure that software builds can never again be compromised in the way that Nobelium injected the Sunburst malware into its Orion software.
The University of Toronto's Citizen Lab finds a new iOS zero-click exploit in an iPhone surveillance campaign targeting bloggers, activists and dissidents in Bahrain.
A report from ClearSky documents a threat actor that has been targeting multiple organizations in Israel using supply chain tools and impersonating known companies.
Demo exploit code for a nasty Windows Print Spooler vulnerability is published online, prompting questions about the effectiveness of Microsoft's recent security update.
For the sixth time this year, Google ships a Chrome point-update to fix code execution holes that the company says are already being exploited by malicious hackers.