Lucene search
K

251 matches found

The Hacker News
The Hacker News
added 2026/06/08 6:8 a.m.17 views

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code VS Code will apply a two-hour delay before extensions for the integrated development environment IDE are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new version...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.5 views

Architectural Implications of the UK Cyber Security and Resilience Bill

The UK Cyber Security and Resilience CS&R Bill represents the most significant reform of UK cyber legislation since the Network and Information Systems NIS Regulations 2018. While existing analysis has addressed the Bill's regulatory requirements, there is a critical gap in guidance on the...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.6 views

Exploiting PendingIntent Provenance Confusion to Spoof Android SDK Authentication

A single authentication bypass in a partner SDK grants attackers the identity of every partner in the ecosystem -- and millions of apps use SDKs with exactly this vulnerability. OWASP's 2024 Mobile Top 10 ranks Inadequate Supply Chain Security as the second most critical mobile risk, explicitly...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:28 p.m.6 views

CVE-2026-28407

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS5.9AI score0.00222EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/27 9:28 p.m.2 views

CVE-2026-28407

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9CVSS7.2AI score0.00222EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/01/17 12:0 a.m.4 views

Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages

Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models LLMs show promise for software...

5.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/23 11:52 p.m.9 views

Strengthening supply chain security: Preparing for the next malware campaign

The open source ecosystem continues to face organized, adaptive supply chain threats that spread through compromised credentials and malicious package lifecycle scripts. The most recent example is the multi-wave Shai-Hulud campaign. While individual incidents differ in their mechanics and speed,...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/22 10:31 p.m.18 views

CVE-2025-65109

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

8.5CVSS6.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 10:16 p.m.8 views

CVE-2025-65109

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have acce...

8.5CVSS0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.11 views

PT-2025-47814

Name of the Vulnerable Software and Affected Versions Minder Helm version 0.20241106.3386+ref.2507dbf Minder Go versions 0.0.72 through 0.0.83 Description Minder is an open source software supply chain security platform. Minder users may be able to retrieve content through the Minder server that...

8.5CVSS6.7AI score0.00244EPSS
Exploits0References11
Packet Storm News
Packet Storm News
added 2025/11/15 12:0 a.m.3 views

Software Supply Chain Security of Web3

Web3 applications, built on blockchain technology, manage billions of dollars in digital assets through decentralized applications dApps and smart contracts. These systems rely on complex, software supply chains that introduce significant security vulnerabilities. This paper examines the software...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/11/12 4:47 p.m.5 views

EUVD-2025-150015

Malicious code in teagood-cuekin32 npm...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/11 12:0 a.m.7 views

Publish Your Threat Models! the Benefits Far Outweigh the Dangers

Threat modeling has long guided software development work, and we consider how Public Threat Models PTM can convey useful security information to others. We list some early adopter precedents, explain the many benefits, address potential objections, and cite regulatory drivers. Internal threat...

6.5AI score
Exploits0
Filippo.io
Filippo.io
added 2025/10/23 1:49 p.m.13 views

The Geomys Standard of Care

One of the most impactful effects of professionalizing open source maintenance is that as professionals we can invest into upholding a set of standards that make our projects safer and more reliable. The same commitments and overhead that are often objected to when required of volunteers should b...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/10/20 10:47 a.m.12 views

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-2381

Malware in sbrugna...

1.9CVSS6.1AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2072

Malicious code in bioql PyPI...

5.7CVSS5.8AI score0.0046EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1208

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00765EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1605

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00465EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0695

Malicious code in bioql PyPI...

7.5CVSS5.7AI score0.00553EPSS
Exploits1References5
Rows per page
Query Builder