GitHub developers targeted by fake VS Code alerts spreading malware

The 'Discussions' section is being manipulated into delivering malware to software devs.
TechCrunch

Socket lands $4.6M to audit and catch malicious open source code

Securing the software supply chain is admittedly somewhat of a dry topic, but knowing which components and code go into your everyday devices and appliances is a critical part of the software ...
TechCrunch

Socket lands $20M investment to help companies secure open source software

Socket, a startup that provides a scanning tool to detect security vulnerabilities in open source code, today announced that it raised $20 million in a Series A round led by Andreessen Horowitz (a16z) ...
EDN

SSL/TLS secure-socket code for embedded devices

Segger's emSSL is a ground-up implementation of secure sockets that are the backbone of secure communications on the Internet today. Written to run on single-chip embedded devices, emSSL integrates ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...