An Atlantic Council report looks at the impact of China's regulation - in effect now for two years - that requires organizations to submit notice of a software vulnerability to the Chinese government within two days of discovery.
The threat group used forged authentication tokens - with an acquired Microsoft account consumer signing key - to access the email accounts of more than two dozen organizations.
The Biden administration issued new guidance on software supply chain security for federal agencies, which includes requirements for self-attestations and SBOMs.
RubyGems is now requiring projects with more than 180 million downloads to use MFA, and may extend the requirement to other projects.
A recent campaign targeted Azure developers with malicious npm packages designed to look like legitimate tools.