Develop Secure Software logo
Attackers leverage PyPI to sideload malicious DLLs
February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.
Read More
GitGot: GitHub leveraged to store stolen data
January 23, 2024

GitGot: GitHub leveraged to store stolen data

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
Read More
The state of container security: 5 key steps to lock down releases
January 3, 2024

The state of container security: 5 key steps to lock down releases

Here are best practices — and recommendations for tooling — to modernize your software supply chain security approach.
Read More
8 CI/CD security best practices: Protect your software pipeline
November 14, 2023

8 CI/CD security best practices: Protect your software pipeline

Don't neutralize CI/CD business gains by failing to account for risk. Here are eight best practices to ensure your software development pipeline is secure.
Read More
Rust on Android goes bare metal: 3 key security benefits
October 19, 2023

Rust on Android goes bare metal: 3 key security benefits

Using Rust in bare-metal applications will make Android a safer platform — and have a broader impact on the Rust community. Here are three key takeaways.
Read More
VS Code hack shows how supply chain attacks can spread
March 27, 2023

VS Code hack shows how supply chain attacks can spread

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.
Read More

SUBSCRIBE

Subscribe to the develop.secure.software newsletter to stay up to speed, learn best practices and more.