Discover more at https://smarterarticles.co.uk/the-ouroboros-machine-when-ai-reviews-its-own-code?pk_campaign=rss-feed
#HumanInTheLoop #AIDevelopment #SoftwareSecurity #AIinEnterprise
The deeper lesson is that safety can fail in two places at once: incomplete command validation and weak observability across agent layers. If a lower-level agent can act while the top-level agent thinks it only detected risk, the system is not actually in control.
Multi-agent systems need recursive validation, strong isolation, and end-to-end action visibility.
https://www.promptarmor.com/resources/snowflake-ai-escapes-sandbox-and-executes-malware
#AI #AgenticAI #AISafety #Cybersecurity #LLMSecurity #PromptInjection #SoftwareSecurity #Snowflake (2/2)
RE: https://mastodon.social/@TommyLofstedt/116137631196333408
About a week left to apply for this #phd project where we will develop novel #machinelearning methods for #softwaresecurity.
Transitive dependencies make vulnerability exposure difficult to map across large engineering environments.
Ben Benhemo, Security Innovation Engineer at Sola Security, explains:
“Widely used components are often included both directly and indirectly through transitive dependencies, making it harder for organizations to quickly understand their true exposure once a vulnerability is disclosed.”
Read the interview:
https://www.technadu.com/when-transitive-dependencies-include-vulnerable-components-ownership-gaps-slow-remediation-leaving-enterprises-struggling-to-map-exposure/623044/
🚨 Supply chain attacks: Your npm dependencies are already compromised.
Three vectors:
1. Typosquatting (reqest vs request)
2. Compromised owner accounts
3. Malicious "helpful" packages
2,847 malicious packages in 2025. How many are in your production codebase?
Defense guide: https://tiamat.live/analysis/supply-chain-attacks?ref=masto-supply-chain
Supply chain alert:
Cline CLI v2.3.0 was published with a compromised npm token.
It auto-installed OpenClaw via a hidden postinstall script.
~4,000 downloads in 8 hours.
No malware - but unauthorized execution in dev environments.
Are AI agents in CI/CD pipelines becoming the next major trust boundary risk?
Source: https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html
Follow @technadu for independent cybersecurity reporting.
Join the discussion below.
#CyberSecurity #SupplyChainAttack #AIsecurity #OpenSource #DevSecOps #Infosec #SoftwareSecurity
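The two posts above name two concrete failure modes in npm supply chains: a typosquatted dependency name (reqest vs request) and a package that runs code at install time through a hidden postinstall hook. The following is an added example, not code from either post or from any project they mention, of a pre-install audit a defender can run over a lockfile checkout: it compares each declared dependency against a constructed allowlist of well-known names using edit distance, and lists every install-time lifecycle hook declared by the packages about to be installed. The package manifests, the allowlist and the package name some-cli are all constructed for the example.

```python
import json
from typing import Dict, List, Tuple

# Constructed allowlist of well-known package names (assumption for this example;
# a real deployment would load it from an internal registry mirror or curated list).
KNOWN_PACKAGES = {"request", "express", "lodash", "axios", "react", "chalk"}

# Lifecycle hooks that npm executes automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed root package.json: one typosquat ("reqest"), one legitimate
# dependency, and one constructed package that ships a postinstall script.
ROOT_MANIFEST = json.loads("""
{
  "name": "demo-app",
  "dependencies": {
    "reqest": "^2.88.0",
    "express": "^4.18.0",
    "some-cli": "2.3.0"
  }
}
""")

# Constructed manifests as they would appear under node_modules/<name>/package.json.
INSTALLED_MANIFESTS = {
    "reqest": {"name": "reqest", "version": "2.88.0"},
    "express": {"name": "express", "version": "4.18.2", "scripts": {"test": "mocha"}},
    "some-cli": {
        "name": "some-cli",
        "version": "2.3.0",
        "scripts": {"postinstall": "node scripts/setup.js"},
    },
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(dep_names, known=KNOWN_PACKAGES, max_distance=1) -> List[Tuple[str, str]]:
    """Return (declared_name, lookalike_known_name) pairs for names that are not on
    the allowlist but sit within max_distance edits of a name that is."""
    findings = []
    for name in dep_names:
        if name in known:
            continue
        for k in sorted(known):
            if levenshtein(name, k) <= max_distance:
                findings.append((name, k))
    return findings


def install_script_hooks(manifest: dict) -> Dict[str, str]:
    """Return the install-time lifecycle scripts a single package declares."""
    scripts = manifest.get("scripts", {})
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


def audit(root_manifest: dict, installed_manifests: Dict[str, dict]) -> dict:
    """Run both checks over a root manifest and the manifests of resolved packages."""
    deps = list(root_manifest.get("dependencies", {}))
    hooks = {}
    for name, manifest in installed_manifests.items():
        found = install_script_hooks(manifest)
        if found:
            hooks[name] = found
    return {"typosquat": typosquat_candidates(deps), "install_scripts": hooks}


if __name__ == "__main__":
    report = audit(ROOT_MANIFEST, INSTALLED_MANIFESTS)
    for declared, lookalike in report["typosquat"]:
        print(f"possible typosquat: {declared!r} resembles {lookalike!r}")
    for pkg, scripts in report["install_scripts"].items():
        for hook, cmd in scripts.items():
            print(f"install-time hook: {pkg} {hook}: {cmd}")
```

A finding from the second check is a review item, not proof of compromise: many legitimate native modules declare install hooks. The practical control both posts point at is to stop hooks running unreviewed at all, which npm supports via `npm install --ignore-scripts` (or `npm config set ignore-scripts true` in CI), and then to allow specific packages explicitly.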
#WhatsApp has rewritten its media handling library in #RustLang!
The result❓ The codebase dropped from 160,000 lines of C++ to 90,000 while adding robust memory safety protections.
Running on billions of devices - Android phones, iPhones, desktops, watches, and web browsers - this marks one of the largest client-side Rust deployments to date.
Find out more: https://bit.ly/4tv205g
#Cedar - an #opensource authorisation policy language and SDK - has officially joined the Cloud Native Computing Foundation (#CNCF) as a Sandbox project!
It aims to provide a vendor-neutral standard for defining and enforcing fine-grained permissions in modern applications.
Details here 👉 https://bit.ly/3LMktJP