CSOonline

Open source package entry points could be used for command jacking

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
CSOonline

Malicious open-source software packages have exploded in 2024

The open-source development ecosystem has experienced a significant rise in malicious software components, putting enterprises on high alert for software supply chain attacks. Malware is infiltrating ...