GitLab Continuous Integration pipelines are being targeted in a new software supply chain attack dubbed CrateDepression, which involves malware deployment, reports SecurityWeek.
Google has introduced the new Assured Open Source Software service, which offers access to Google developers' secure packages for enterprise open-source software users in an effort to strengthen software supply chain security, reports ZDNet.
CyberScoop reports that increasingly prevalent ransomware attacks targeted at the water industry have prompted greater insurance challenges for water companies.
The U.S. Department of Defense expects an interim rule for Cybersecurity Maturity Model Certification program requirements by March 2023 and hopes to begin adopting the program by May of the same year, according to FedScoop. The requirements are aimed at strengthening the security of defense contractors' networks and controlled unclassified information.
BleepingComputer reports that malicious actors could exploit a critical vulnerability within the Jupiter Theme and JupiterX Core plugins for WordPress to facilitate privilege escalation.