Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in ...
The Hill

House passes new Ukraine aid package, with 18 Republicans bucking Trump

Editor’s note: This file has been updated to correct House Majority Leader Steve Scalise’s title. The GOP-controlled House on Thursday passed legislation authorizing funding for military aid to ...
martincid.com

Malicious code hid inside Red Hat’s npm packages and spread to steal cloud keys

Some of the software building blocks shipped under Red Hat’s name spent a stretch of time quietly working against the people who installed them. Hidden inside more than 30 packages in the company’s ...