The risk in the JavaScript ecosystem isn't theoretical: earlier this month, a number of packages used by millions of developers were compromised via malicious code. These malware attacks against ...
The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
There are many metrics to track the prevalence of open source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases.
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The attacker(s) used stolen ...
A Sonatype report reveals a sharp rise in sophisticated attacks hiding in trusted code libraries, with data theft becoming ...
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Oligo Security, a Tel Aviv-based startup that focuses on runtime application security and observability to detect and prevent open source vulnerabilities, is coming out of stealth today and announcing ...