Lesson from Core-JS: Beware hidden dependencies from indebted Russian devs
Malware Analysis, News and Indicators - Latest topics malware.news
The core-js project is absolutely huge. Perhaps your project has a dependency on it? The likelihood is you’d never know.
But its sole developer is in trouble. Brilliant Russian coder Denis Pushkarev desperately needs money — he’s vulnerable to blackmail by the Russian government or its proxies. Who’s to say there isn’t already a secret backdoor hiding inside core-js?
The software supply chain security alarm should be at DEFCON 2 by now. In this week’s Secure Software Blogwatch, we …