DevSecOps

More than 14,100 users compromised by malicious PyPI packages.

The 23.7 million number was 25% more than the year before, despite attempts to crack down on exposures.

Win32 bug patched as part of this month's Patch Tuesday.

Organizations developing software have been urged by the FBI and Cybersecurity and Infrastructure Security Agency to eradicate buffer overflow vulnerabilities by implementing secure-by-design principles, The Register reports.

New PyPI archiving system aims to curb open-source security risks.

Fake LDAPNightmare PoC deploys infostealing malware via malicious GitHub repo.

The BeaverTail malware is being used to spread malicious npm packages.

This week our MSP update also includes news about Ingram Micro's pursuit of a new public offering, Bellini-Capital company ConnectSecure's new Microsoft 365 Assessment Module, and an interview with Sonar's new channel chief.