Tag Archives: open source

Malicious NPM packages are part of a malware “barrage” hitting repositories

Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each…

Malware downloaded from PyPI 41,000 times was surprisingly stealthy

PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the latest reported such incidents threatening the software supply chain. JFrog, a security firm that monitors…

These parents built a school app. Then the city called the cops

Öppna Skolplattformen hoped to succeed where Skolplattform had failed. (credit: Comstock | Getty Images)

Christian Landgren’s patience was running out. Every day the separated father of three was wasting precious time trying to get the City of Stockholm’s official school system, Skolplattform, to work…

Linux Foundation says companies are desperate for open source talent

It probably shouldn’t be considered “surprising” when a Linux certification entity reports that Linux certifications are highly desirable.

The Linux Foundation released its 2021 Open Source Jobs Report this month, which aims to inform both sides of the IT hiring…

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap’s chief technology officer says the company’s MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year,…

Travis CI flaw exposed secrets of thousands of open source projects

A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in…

Software downloaded 30,000 times from PyPI ransacked developers’ machines

Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday. In a post, researchers Andrey…

Ahoy, there’s malice in your repos—PyPI is the latest to be abused

Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found. The malicious packages, which were available on the PyPI repository, in many cases used names that mimicked…

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

FreeBSD’s core development team, for the most part, does not appear to see the need to update their review and approval procedures. (credit: Aurich Lawson (after KC Green))

At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol,…

Rookie coding mistake prior to Gab hack came from site’s CTO

Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab’s open source code shows that the…