Sonar
We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.
Russia-linked 'Lumma' crypto stealer now targets Python devs
Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.
Steam Adds Security Layer for Devs After Some Had Their Accounts Compromised and Malware Was Injected in Games
Valve has added a new security layer for developers who publish their games on Steam after a few had their accounts hacked.