New York Sun

Breaking The Chain of Dependency

Is the American tradition of self-reliance disappearing? That’s a painful question for conservatives to ponder. After all, we’re dedicated to reducing the role of government and promoting individual ...
Forbes

Software Supply Chain Risks (And Steps To Strengthen Security)

As software supply chains grow increasingly interconnected, security threats continue to evolve. While common risks like third-party vulnerabilities and dependency issues are well-known, less-common ...
Dark Reading

Software Supply Chain Strategies to Parry Dependency Confusion Attacks

"What's in a name? That which we call a rose By any other name would smell as sweet." When Shakespeare wrote these words (Romeo and Juliet, Act 2, Scene 2) in 1596, he was saying that a name is just a ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
CSOonline

PyTorch suffers supply chain attack via dependency confusion

Users who deployed the nightly builds of PyTorch between Christmas and New Year’s Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems.
SiliconANGLE

Chainguard introduces Java libraries for secure language dependency management

Secure software supply chain solution provider Chainguard Inc. today announced Chainguard Libraries, a new product line that offers secure language libraries for Java built directly from source in ...
Bleeping Computer

Latest Dependency Confusion news

PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. Microsoft ...