Dark Reading

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects — thus ...
Hosted on MSN

Trellix just admitted hackers broke into its own source-code repository — exposing the cybersecurity firm’s internal tools to outsiders

A cybersecurity company trusted to guard some of the largest networks in the country has confirmed that hackers penetrated its own source-code repository. Trellix, whose endpoint detection and ...
Bleeping Computer

35,000 code repos not hacked—but clones flood GitHub to serve malware

Thousands of GitHub repositories were copied with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice ...
ZDNet

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Open-source repositories are collapsing under the strain of 10 trillion downloads annually. All the major repositories are joining together to tackle this problem. While a lack of funds is a major ...
CSOonline

Google to launch repository service with security-tested versions of open-source software packages

The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies. Developers across the enterprise space are concerned ...