Dark Reading

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects — thus ...
ZDNet

10 trillion downloads are crushing open-source repositories - here's what they're doing ...

Open-source repositories are collapsing under the strain of 10 trillion downloads annually. All the major repositories are joining together to tackle this problem. While a lack of funds is a major ...
Bleeping Computer

35,000 code repos not hacked—but clones flood GitHub to serve malware

Thousands of GitHub repositories were copied with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice ...
CSOonline

Google to launch repository service with security-tested versions of open-source software ...

The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies. Developers across the enterprise space are concerned ...
来自MSN

Trellix just confirmed hackers broke into its own source code repository — exposing the ...

A cybersecurity company trusted to protect some of the largest networks in the country has itself been breached. Trellix, the endpoint detection and response (EDR) vendor born from the merger of ...