U.S. National Cyber Director Sean Cairncross has been urged by Senate Intelligence Committee Chair Tom Cotton, R-Ark., to combat risks associated with the growing involvement of China and Russia in open-source software development, CyberScoop reports.
Nearly 200 malicious npm packages, which have accumulated over 31,000 total downloads, have been leveraged by North Korean hackers to distribute a new OtterCookie malware variant that incorporates BeaverTail capabilities as part of the Contagious Interview attack campaign, reports The Hacker News.
BleepingComputer reports that over 17,000 secrets have been leaked by public repositories on the web-based Git platform GitLab Cloud, nearly three times the number exposed by Bitbucket repositories.
Bootstrap files in old Python packages are affected by a security weakness that could enable a supply chain compromise of the Python Package Index through a domain takeover attack, according to The Hacker News.