SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token PAT related to SpotBugs. "The attackers obtained initial acce...

SUSE-SU-2024:4054-1 Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop

This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues: xmlgraphics-fop was updated from version 2.8 to 2.10: - Security issues fixed: CVE-2024-28168: Fixed improper restriction of XML External Entity XXE reference bsc1231428 -...

Tai-e - An Easy-To-Learn/Use Static Analysis Framework For Java

Tai-e What is Tai-e? Tai-e Chinese: 太阿; pronunciation: ˈtaɪə: is a new static analysis framework for Java please see our technical report for details, which features arguably the "best" designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and...