DevOps
NPM package poses as legit Ethereum smart contract, injects Quasar RAT
Steve Zurier, January 2, 2025
Quasar RAT has circulated in cybercrime and APT campaigns since July 2014.

Vulnerability Management
Microsoft: Immediate .NET installer link update needed
SC Staff, December 31, 2024
Microsoft has called on .NET developers to ensure that their apps and developer pipelines no longer use azureedge.net domains amid the impending shutdown of Content Delivery Network provider Edgio, BleepingComputer reports.

AI/ML
Five ways to tighten up Kubernetes security
Ratan Tipirneni, December 3, 2024
Kubernetes will become the de facto GenAI app platform in 2025 – and here's why.

Cloud Security
Malicious Python package collects AWS credentials via 37,000 downloads
Steve Zurier, November 7, 2024
Socket researchers say malicious package "Fabrice" has been live on PyPI since 2021.

Identity
Okta to help developers integrate identity management into AI customer agents
Shaun Nichols, October 17, 2024
Okta is adding new tools to help companies manage and secure their AI-based agents.

Network Security
Command-jacking used to launch malicious code on open-source platforms
Steve Zurier, October 14, 2024
Attackers hijack legitimate commands and run malicious code to launch supply chain attacks.

DevSecOps
Why SBOMs are not enough to manage modern software risks
Saša Zdjelar, September 26, 2024
SBOMs offer great insight into the software supply chain, but it takes strong controls to make the code secure.

Network Security
Critical vulnerabilities in Microchip ASF, MediaTek expose RCE risks
Steve Zurier, September 23, 2024
Security pros say teams should prioritize these two bugs because they potentially affect a wide range of IoT-based products.