Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

RubyGems supply chain rip-and-replace bug fixed – check your logs!

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

GitHub issues final report on supply-chain source code intrusions

Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.

Beanstalk cryptocurrency heist: scammer votes himself all the money

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Wormhole cryptotrading company turns over $340,000,000 to criminals

It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.

S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]

Latest episode -listen to it or read it now!

JavaScript developer destroys own projects in supply chain “lesson”

Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks

Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.