The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

Why automated open source scans don't guarantee license compliance

Hannah Dacayanan of UnitedLex discusses ways in which automated software composition analysis tools identify open source ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Cybersecurity vendor Trellix published a terse statement last Friday, disclosing that a threat actor recently gained unauthorized access to "a portion of our source code repository." Trellix did not ...