ZDNet

Microsoft warns enterprises of new 'dependency confusion' attack technique

Microsoft has published a white paper on Tuesday about a new type of attack technique called a "dependency confusion" or a "substitution attack" that can be used to poison the app-building process ...
Bleeping Computer

Latest Dependency Confusion news

PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. Microsoft ...
Dark Reading

New Application Security Toolkit Uncovers Dependency Confusion Attacks

Dependency confusion is a pesky software development problem, as malicious actors employ a variety of tricks to trick developers and integrators into incorporating malicious software components into ...
Threat Post

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Attackers have weaponized code dependency confusion to target internal apps at tech giants. Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and ...
Bleeping Computer

Microsoft's Halo dev site breached using dependency hijacking

Microsoft has once again been successfully hit by a dependency hijacking attack. Previously, as first reported by BleepingComputer, a researcher had ethically hacked over 35 major tech firms, ...
TechRepublic

Dependency Confusion Attacks: New Research Into Which Businesses are At Risk

Dependency Confusion Attacks: New Research Into Which Businesses are At Risk Your email has been sent Dependency confusion is becoming a serious cybersecurity threat. Learn which organizations are at ...