Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines

A case of software supply chain attack has been observed in the Rust programming language’s crate registry that leveraged typosquatting techniques to publish a rogue library containing malware.
Cybersecurity firm SentinelOne dubbed the attack “CrateDepression.”
Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers

Read More