Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In a stark reminder of the increasing risk to software supply chains, freelance talent platform Toptal is the latest high-profile organization impacted by a compromise of a GitHub account that led to the deployment of malicious npm packages with the capability to wipe developer machines and steal passwords. The breach, first disclosed last week, has shocked the developer community and exposed serious flaws in repository security, disclosure practices, and package ecosystem hygiene.

In a world of digital security and authentication, JSON Web Tokens (JWTs) have risen as a secure and lightweight way to transmit user information between services. JWTs are used for everything from single sign-on to API authorization, and they play a key role in modern web development. This article will answer the questions of what JWTs are, how they work, and how to use them securely, while referencing five leading articles on the topic.

Microsoft just made history. But not the kind you’re used to. For nearly four decades, the Blue Screen of Death (BSOD) haunted Windows users. One minute you’re sipping coffee. Next, your screen goes blue with a sad emoji and cryptic codes. However, Microsoft has now officially pulled the plug on this iconic crash screen.

Microsoft has now launched the public preview of the Azure DevOps Model Context Provider (MCP) Server in a brave attempt to change developer productivity. With this newly introduced capability, GitHub Copilot in Agent Mode can directly access a developer’s Azure DevOps project data and allow the developer to interact with its data and functions via the natural language commands provided by the Copilot, within the developer’s coding environment, such as Visual Studio Code or Visual Studio.

The move to remove PowerShell 2.0 from Windows 11 is strategic and long overdue. Microsoft is making this move to embrace modern, secure, and efficient system tools. PowerShell 2.0 has many inherent security issues tied to the deprecated framework and its reliance on deprecated encryption & validation protocols.

Keeping your software secure has become more important than ever due to various types of cybersecurity threats. If you are thinking about what measures you can take to protect it, then Continuous Signing in CI/CD is one way. Continuous Signing in CI/CD (Continuous Integration/Continuous Deployment) is a method that helps ensure that your code and data are protected throughout the development process.

Code integrity guarantees that software code remains uncorrupted, authentic, and protected throughout the lifetime of that software. Code integrity also protects software from changes made without proper authorization for malicious attack purposes through the installation of back doors, which is a simple form of malware, initiating unauthorized updates.

As quantum computing creeps closer, the cryptographic mechanisms on which today’s digital world relies are becoming more and more fragile. In a prescient move, AWS Key Management Service (KMS) now supports ML-DSA, one of the first post-quantum digital signatures, which has become a standard under FIPS 203. This is an important step in AWS’s broader efforts to prepare customers for the post-quantum secure future.

XML external entity injection or XXE, is a type of web security vulnerability and an application-layer cybersecurity attack. This vulnerability allows the hacker to interfere with an application while it is processing XML data. The attacker can inject unsafe XML entities into the application and can interact with systems to which the application has access. The hackers can also view files on the server and even perform remote code execution (RCE).

Jenkins is an open-source automation server that is widely used for continuous integration (CI) and continuous delivery (CD) in software development. It is an automated engine that builds, tests, and deploys the application so that development teams can routinely integrate code changes in a way that ensures the software is deployable. Created as the Hudson project in 2004, Jenkins has grown to become an infinitely extensible and customizable tool hosting an enormous ecosystem of plugins.