A new report revealed discrepancies in how CISOs and developers view their roles and responsibilities around software supply chain security.
The North Korean threat actor is leveraging the supply-chain attack to target macOS keychains and reconnaissance data.
At the RSA Conference this week, government officials and cybersecurity executives mulled over the multiple layers of challenges in securing the software supply chain.
An intrusion at a separate company led to the supply chain attack on 3CX that was disclosed last month, investigators said.
GitHub is launching two new features that enable developers to create a private vulnerability reporting channel and provide provenance attestations for their packages.