The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
CSOonline

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...
TechRepublic

Dependency Confusion Attacks: New Research Into Which Businesses are At Risk

Dependency confusion is becoming a serious cybersecurity threat. Learn which organizations are at risk and how to protect systems against these attacks. Application development often requires the ...