Log4j

Software supply chain security is broader than SolarWinds and Log4J

Here's a comprehensive look at some of the lesser-known, but no less serious, types of software supply chain attacks.

Iran-backed hackers breached a US federal agency that failed to patch year-old bug

The U.S. government’s cybersecurity agency says hackers backed by the Iranian government compromised a federal agency that failed to patch against Log4Shell, a vulnerability fixed almost a year

North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies

Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group. Threat intelligence co

Protestware on the rise: Why developers are sabotaging their own code

Ax Sharma, Contributor. Ax Sharma is a security researcher and reporter. His areas of interest include open source software security, malware analysis, data breaches and scam investigations.

Study: 30% of Log4Shell instances remain unpatched

Considering recent APT41 attacks, organizations that continue to leave the Log4Shell flaw unaddressed are hitting the snooze button when it comes to the wake-up calls from attackers.

China-backed APT41 compromised ‘at least’ six US state governments

The prolific China APT41 hacking group, known for carrying out espionage in parallel with financially motivated operations, has compromised multiple U.S. state government networks, according to cybers

4 basic elements required for running production OSS smoothly

Companies need to put many elements in place to use OSS in production smoothly. Here’s how to get started.

Bug bounty giant HackerOne lands $49M, thanks to cloud adoption boon

Bug bounty and penetration testing startup HackerOne has raised a $49 million Series E following a year of massive cloud adoption fueled by work-from-home orders. The company — which mediates betwee

A CISO’s playbook for responding to zero-day exploits

We keep calling every new zero-day exploit a “wake up call,” but all we have been doing is collectively hitting the snooze button.