Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.

Ripple’s xrpl.js npm package backdoored on April 21, exposing 135K users’ private keys to attackers.

The Data Protection Commission has fined Meta $101M because 600 million Facebook and Instagram passwords were stored in plaintext.

https://isc.sans.edu/diary/rss/31282

he Go vulnerability database, https://vuln.go.dev, which provides a comprehensive source of information about known vulnerabilities in public Go modules. You can browse

GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts beginning next week, on March 13.

De la gestion des dépendances dans le code sources...