Malicious code in @neon-i18n/core-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dbdc5bd090d8e85771f77fa3a7a113e08fbfb31de54ae399ed92565bdac246df The OpenSSF Package Analysis project identified '@neon-i18n/core-ui' @ 99.99.99 npm as malicious. It is considered malicious because: - The...

OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures

OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems...

Malicious code in bos-decoration-elements (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8cb5985779c5099333bec5b084b209c36dea0dd9fa47ef2c2d7c3630c33daaa5 The package bos-decoration-elements was found to contain malicious code. Source: ossf-package-analysis...

Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects

Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine...

A scanning tool for open-sourced software packages? Yes, please!

The Open Source Security Foundation OpenSSF, a collective of industry leaders aimed at improving the security of open-source software OSS, recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package...

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages

The Open Source Security Foundation OpenSSF has announced the initial prototype release of a new tool that's capable of carrying out dynamic analysis of all packages uploaded to popular open source repositories. Called the Package Analysis project, the initiative aims to secure open-source packag...

Rethinking IoT/OT Security to Mitigate Cyberthreats

We live in an exciting time. We’re in the midst of the fourth industrial revolution—first steam, followed by electricity, then computers, and, now, the Internet of Things. A few years ago, IoT seemed like a futuristic concept that was on the distant horizon. The idea that your fridge would be...

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation OpenSSF, a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation OpenSSF, a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...