software supply chain attack

10 malicious Python packages exposed in latest repository attack

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They’re becoming increasingly common. (credit: Getty Images) Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar… Read More »

SolarWinds hack that breached gov networks poses a “grave risk” to the nation

reader comments 61 with 46 posters participating, including story author Share this story The supply chain attack used to breach federal agencies and at least one private company poses a “grave risk” to the United States, in part because the attackers likely used means other than just the SolarWinds backdoor to penetrate networks of interest,… Read More »