Software Supply Chain Security
Supply Chain Dependency: What Your GitHub Connections May Trigger
The writing is on the wall, and it’s hard to avoid after the significant spike in attacks against GitHub repositories. The recent CircleCI breach, in which customers’ secrets and encryption keys were ...
GoDaddy Hosting Hacked — for FOURTH Time in 4 Years
GoDaddy’s web hosting service breached yet again. This time, the perps were redirecting legit websites to malware ...
Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology
Anker said its Eufy cameras never send unencrypted video. But a couple of months ago, researchers discovered they did. Despite the clear evidence, Anker denied, delayed and deflected ...
Another Password Manager Leak Bug: But KeePass Denies CVE
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw ...
After hack, CircleCI tells devs to update secrets now
In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers ...