Unfortunately the string of phishing attacks using domain-confusionand legitimate-looking emails continues. This is the same attack PyPI saw a few months agoand targeting many other open source repositoriesbut with a different domain name. Judging from this, we believe this type of campaign will continuewith new domains in the future. InContinue Reading
Summary I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens.PyPI was not compromised, and no PyPI packages were published by the attackers. Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored asContinue Reading
Internet security is leveling up with MPIC. While your organization likely won’t need to do anything to prepare, here’s what to know about the industry’s changes and why they’re good for security Starting Sept 15, 2025, all publicly trusted certification authorities (CAs such as DigiCert, Sectigo, etc.) must perform domainContinue Reading
Sept. 10: Get actionable insights from 20+ global experts as they discuss PQC readiness assessments, migration plans, and other practical strategies DigiCert is hosting its second annual World Quantum Readiness Day on Wednesday, Sept. 10, 2025. This two-hour webinar, themed “Quantum Blueprint: From Business Justification to Technical Readiness,” will featureContinue Reading