White House hosts open-source software security summit in light of expansive Log4j flaw

Written by Tim Starks, Jan 13, 2022 | CYBERSCOOP

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to…

More than 30,000 GitLab Servers Remain Unpatched

More than half of all GitLab installations are still vulnerable to a major unauthenticated, remote code execution GitLab flaw that was fixed in April 2021. GitLab is a web-based DevOps…

CISA warns of trojanized versions of JavaScript library’s NPM package

The warning comes days after three rogue packages, okhsa, klow, and klown, discovered by DevSecOps firm Sonatype, were removed from the NPM repository. On Friday, the US Cybersecurity and Infrastructure…

GitHub Revokes Duplicate SSH Authentication Keys

The SSH protocol used by GitHub allows you to log in without a user name or password. To do this, users would need to establish an SSH keypair and add…