14 Apr AI SAST: How to Secure AI Code Before It Ships

Posted at 12:18h in Attacks Analysis, Code Security, Open-Source Security, SDLC by Fátima Said 0 Comments

Learn DevSecOps best practices and practical DevSecOps steps for secure CI/CD. Discover how to implement DevSecOps with real automation. ...

Read More

10 Apr How Can Malicious Code Do Damage?

Posted at 12:03h in Attacks Analysis, Code Security, Open-Source Security, SDLC by Fátima Said 0 Comments

Learn DevSecOps best practices and practical DevSecOps steps for secure CI/CD. Discover how to implement DevSecOps with real automation. ...

Read More

23 Oct Unmasking the Polyfill Attack: A Deep Dive

Posted at 17:53h in Attacks Analysis, Open-Source Security by Fátima Said 0 Comments

Protect your systems from the Polyfill attack and prevent future software supply chain attacks with real-time monitoring, dependency management, and proactive security measures....

Read More

11 Jun The Most Infamous Malware Attacks in History

Posted at 17:09h in Attacks Analysis by Fátima Said 0 Comments

Explore the most infamous malware attacks in history and their impact on cybersecurity. Learn how to protect against these threats ...

Read More

29 May NPM flooding case-study: “Down the Rabbit Hole looking for a Tea”

Posted at 13:53h in Attacks Analysis by José Antonio Garcel 0 Comments

Discover the intriguing NPM flooding case-study "Down the Rabbit Hole looking for a Tea" by José Antonio Garcel Díaz, revealing hidden anomalies and security insights. Read the full article now! ...

Read More

16 May Identifying and Managing Software Dependencies Attacks

Posted at 17:10h in Attacks Analysis, Open-Source Security by Fátima Said 0 Comments

Discover how to identify and defend against all types of software dependency attacks....

Read More

16 May Typosquatting vs. Copycat Packages: Understanding the Differences

Posted at 16:00h in Attacks Analysis, Open-Source Security by Fátima Said 0 Comments

Understand the differences between typosquatting and copycat packages, both tactics used to deceive users into downloading malicious software....

Read More

16 Apr What is Malicious Code and How Does it Work?

Posted at 17:44h in Attacks Analysis, SDLC by Fátima Said 0 Comments

Discover the insidious world of malicious code: from backdoors to ransomware. Learn how to safeguard your digital assets with advanced cybersecurity measures. Spotlighted in 'Software Supply Chain Security Deep-Dive,' we redefine cybersecurity with innovative solutions and real-time protection. ...

Read More

30 Jan The Ledger Attack: draining hardware cryptowallets

Posted at 13:00h in Attacks Analysis by Luis Rodríguez 0 Comments

Delve into the Ledger Attack, a spear-phishing SSC incident dissected by Xygeni's expert Luis Manuel Rodriguez Berzosa, revealing lessons in security, impact assessment, and incident response. ...

Read More

25 Jan 10 Malicious NPM Packages Uncovered: A Wake-up Call to Software Supply Chain Security

Posted at 19:22h in Attacks Analysis, Software Supply Chain by Jesús Cuadrado 0 Comments

Uncover malicious NPM packages and fortify your software supply chain with Xygeni's Early Warning Service. 10 malicious NPM packages were discovered and a new threat vector, djs13-fetcher, was identified. Learn how to protect your business from these threats. ...

Read More

15 Sep Strengthening Telco Defenses Against Supply Chain Attacks

Posted at 08:59h in Attacks Analysis, SDLC, Software Supply Chain by Jesús Cuadrado 0 Comments

Uncover the risk of supply chain attacks on telecoms, safeguard data, and embrace Software Bill of Materials (SBOM) for supply chain security....

Read More

26 Jul Bad.Build: The Latest Google Cloud Bug Threatening the Software Supply Chain

Posted at 11:29h in Attacks Analysis, Software Supply Chain by Miguel Angel Mederos 0 Comments

IntroductionOrca Security has recently identified a design flaw in Google Cloud Build service, named "Bad.Build." This flaw poses a serious security risk as it enables attackers to execute Privilege Escalation, granting them unauthorized entry into Google's Artifact Registry's code repositories.The consequences of this vulnerability extend...

Read More