GitLab Continuous Integration pipelines are being targeted in a new software supply chain attack dubbed CrateDepression, which involves malware deployment, reports SecurityWeek.

Following its recent attack against Costa Rica, the Conti ransomware group has reportedly ceased operations, according to BleepingComputer.

Google has introduced the new Assured Open Source Software service, which offers access to Google developers' secure packages for enterprise open-source software users in an effort to strengthen software supply chain security, reports ZDNet.

CyberScoop reports that increasingly prevalent ransomware attacks targeted at the water industry have prompted greater insurance challenges for water companies.

The U.S. Department of Defense is expecting an interim rule for Cybersecurity Maturity Model Certification program requirements aimed at strengthening defense contractors' networks and controlled unclassified information security by March 2023 as it hopes to begin adopting the program by May of the same year, according to FedScoop.

BleepingComputer reports that malicious actors could exploit a critical vulnerability within the Jupiter Theme and JupiterX Core plugins for WordPress to facilitate privilege escalation.

Threatpost reports that most advanced persistent threat groups have been exploiting already known security flaws, in cyberattacks.

Security practitioners worldwide have similar objectives – and that why the security guidelines outlined by NIST are so powerful.