InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool.
Infosecurity-magazine.com

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 internal repositories. The breach was detected on May 19 and likely comes ...

Stop managing vulnerabilities and start managing scanner assumptions

Run two industry-standard scanners on the same container image and you will get two entirely different answers.
GitHub

pyca/cryptography

cryptography is a package which provides cryptographic recipes and primitives to Python developers. Our goal is for it to be your "cryptographic standard library". It supports Python 3.9+ and PyPy3 ...

Signal Veterans Want to Encrypt Slack, Google Docs, and Basically Every Other App

A team of developers, including the co-creator of the Signal protocol and contributors from Microsoft and Harvard, are ...

Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps

The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or ...

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...