RubyGems is now requiring projects with more than 180 million downloads to use MFA, and may extend the requirement to other projects.
A recent campaign targeted Azure developers with malicious npm packages designed to look like legitimate tools.
Cybercriminals claim they have access to various shipping and logistics company networks, causing what researchers say could be a “precarious situation” for the struggling supply chain sector.
The Lazarus group has been recently observed “building supply-chain attack capabilities” by targeting a legitimate South Korean security software and an IT asset monitoring solution vendor.
Microsoft said that the threat group has used phishing and password-spraying attacks to compromise at least 14 IT service providers this year.