Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Tech Xplore

Unstable software tests ripple through 55% of OpenStack projects, costing 1,156 developer days

In a study published in IEEE Transactions on Software Engineering, researchers from Kyushu University have found that "flaky ...
SecurityWeek

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.
Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...