𝐑𝐞𝐠𝐢𝐬𝐭𝐞𝐫 𝐍𝐨𝐰 𝐟𝐨𝐫 𝐭𝐡𝐞 𝐋𝐚𝐬𝐭 𝐒𝐚𝐟𝐞𝐃𝐞𝐯 𝐓𝐚𝐥𝐤 𝐨𝐟 𝐭𝐡𝐞 𝐘𝐞𝐚𝐫: 𝐒𝐨𝐟𝐭𝐰𝐚𝐫𝐞 𝐒𝐮𝐩𝐩𝐥𝐲 𝐂𝐡𝐚𝐢𝐧 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝟐𝟎𝟐𝟒 𝐖𝐫𝐚𝐩-𝐔𝐩!
Join us for a special episode that reunites the expert speakers who started our year with insights on Software Supply Chain Security. Together, we’ll review the key trends and lessons of 2024 and explore what lies ahead for 2025.

We are thrilled to share our latest eBook that provides expert guidance on implementing effective Software Composition Analysis (SCA) to tackle vulnerabilities, ensure compliance, and protect against emerging threats in your open-source dependencies!

In this blog post, Xygeni discusses about the backdoor discovery in the xz compression utility’s liblzma library. The backdoor, targeting SSH servers, was introduced through obfuscated code modifications and affected certain Linux environments. It used advanced obfuscation techniques to hide in pre-release versions, activating under specific conditions to enable remote command execution. Read all about it!

𝐑𝐞𝐠𝐢𝐬𝐭𝐞𝐫 𝐍𝐨𝐰 to our next episode of SafeDev Talks and 𝐭𝐮𝐫𝐧 𝐒𝐂𝐀 𝐜𝐡𝐚𝐥𝐥𝐞𝐧𝐠𝐞𝐬 𝐢𝐧𝐭𝐨 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐰𝐢𝐧𝐬! Don’t miss this opportunity to learn from top experts how to overcome false positives, boost visibility, prioritize real risks, and automate remediation, transforming SCA pain points into actionable security gains.

While the presence of malicious code in package registries is well-known, there are other strange or unusual behaviors that completely go unnoticed by the regular users of these registries. Even for those of us who keep a close watch on them, it is not easy to find a reason or explanation for such behavior. Read about it!