Welcome to the September 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. TL;DR: 🎉...| Open Source Security Foundation
The recent npm compromise incident was bad—but it could have been much worse. In the real event, the malicious changes primarily targeted browser environments and [...]| IPConfig.in – What is My IP Address?
On Sept 8, a maintainer’s npm account was phished and attackers pushed malicious updates to 18 popular packages (including chalk and debug). The payload targeted browser environments and could hijack Web3 wallet interactions. Collectively, the impacted packages see billions of weekly downloads, so even short-lived exposure has a big blast radius.| IPConfig.in - What is My IP Address?
Driven by cyberattacks and new regulations, software supply chain security is a top concern that requires robust software identification. The post Why we need better software identification appeared first on Software Heritage.| Software Heritage
Okay, people, brace yourselves. We’ve officially entered the era where your automated systems are actively trying to steal your lunch money. It started subtly, a little hiccup in the matrix. But now? Now it’s a full-blown supply chain meltdown, and it all started with a seemingly innocuous GitHub Action called “tj-actions/changed-files.” Initially, it looked like […] The post The CI/CD Apocalypse: When Your Automated Builds Betray You appeared first on Poly Plugins.| Poly Plugins
In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge and released a paper on cloud native edge computing security threat analysis and protection. Based on the security threat model and audit suggestions, the community consistently strengthens the KubeEdge software supply chain. Now, we are excited to announce that KubeEdge v1.13.0 (including both binary and container image artifacts), released on January 18, 2023, achieves SLSA 3 compliance, first of its kin...| KubeEdge Blog
