Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Two different attackers poisoned popular open source tools – and showed us the future of supply chain compromise

(Aida L / Unsplash)

By Jessica Lyons

Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if not more – organizations. We won’t know the full blast radius for months.

Both targeted popular open source projects that are used by a ton of organizations and integrated into countless software products, apps and developer environments.

First, attackers hit Trivy, a vulnerability scanner with more than 100,000 users and contributors that is embedded in thousands of CI/CD pipelines. Up next: Axios, an open-source JavaScript library that has about 100 million weekly downloads and runs in 80 percent of cloud and code environments.

Read more at The Register

Click to listen highlighted text!