CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks

Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...
The Next Web

Most data breaches start with a stolen password. Here’s how to fix that

Stolen credentials cause 80% of breaches, yet most teams still share passwords over Slack. Proton Pass for Business encrypts everything from $1.99/user/mo.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.