supply chain attack

Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack. Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for […]

The post Rapid7 says source code, credentials accessed as a Rresult of Codecov supply-chain attack appeared first on Security Affairs.

Read More Rapid7 says source code, credentials accessed as a Rresult of Codecov supply-chain attack

A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package. Composer is the major […]

The post Command injection flaw in PHP Composer allowed supply-chain attacks appeared first on Security Affairs.

Read More Command injection flaw in PHP Composer allowed supply-chain attacks