CyberSecurityBoard
Sponsor Register Login

Google Launches OSS Rebuild to Strengthen Security of The Open-Source Package Ecosystems - Cyber Security News

Google Security Blog analysts identified the malware’s tell-tale divergence between source and published bytecode after comparing upstream commits with registry payloads, underscoring the need for reproducible builds at scale. OSS Rebuild answers that need by deriving declarative build definitions, executing them in monitored sandboxes, and exposing bit-level diffs when the rebuilt artifact deviates from what users would normally install. Google’s newly announced OSS Rebuild initiative confronts this problem head-on by automatically rebuilding Python, JavaScript, and Rust packages in hermetic environments and publishing cryptographically signed SLSA provenance for each artifact. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. By shifting trust from opaque CI pipelines to transparent, replicable builds, Google’s platform transforms package verification from a passive hope into an active, measurable guarantee. As attackers increasingly insert malicious logic during opaque build steps, the ability to deterministically reproduce binaries becomes a decisive control. OSS Rebuild breaks this chain by isolating the build inside an ephemeral container with outbound network blocks and by hashing every intermediate artifact. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. Security teams can then quarantine the suspect version automatically, and maintainers can inspect a concise diff that pinpoints altered symbols down to the function level. Over the past year, a string of high-profile compromises—from the xz-utils backdoor to the solana/webjs typosquatting incident—has shown how stealthy code can poison widely deployed libraries before defenders notice. bash command or by toggling compiler flags, the rebuilt package will either fail to reproduce or emit a mismatch in the final digest. The hosted service already covers thousands of the most-downloaded packages on PyPI, npm, and Crates.io, yet Google has open-sourced the pipeline so enterprises can boot their own mirrors. Modern software supply-chains rely on millions of third-party components, making package repositories a lucrative for attackers. Traditional malware hides during build time by downloading payloads or rewriting object files after compilation.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Jul 2025 08:55:10 +0000


Cyber News related to Google Launches OSS Rebuild to Strengthen Security of The Open-Source Package Ecosystems - Cyber Security News

The Impact of Open-Source Software on Public Finance Management - The open-source movement holds significant potential for public agencies, too, especially in the realm of finances. Public finance has emerged as a leader in government-backed OSS, thanks largely to the move toward open banking. Benefits of OSS in ...
1 year ago Feeds.dzone.com
Google Launches OSS Rebuild to Strengthen Security of The Open-Source Package Ecosystems - Cyber Security News - Google Security Blog analysts identified the malware’s tell-tale divergence between source and published bytecode after comparing upstream commits with registry payloads, underscoring the need for reproducible builds at scale. OSS Rebuild answers ...
2 months ago Cybersecuritynews.com
Are the Fears about the EU Cyber Resilience Act Justified? - "The draft cyber resilience act approved by the Industry, Research and Energy Committee aims to ensure that products with digital features, e.g. phones or toys, are secure to use, resilient against cyber threats and provide enough information about ...
1 year ago Securityboulevard.com
Are the Fears About the EU Cyber Resilience Act Justified? - On Wednesday, July 19, the European Parliament voted in favor of a major new legal framework regarding cybersecurity: the Cyber Resilience Act. The act enters murky waters when it comes to open-source software. It typically accounts for 70% to 90% of ...
1 year ago Feeds.dzone.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
1 year ago Techrepublic.com
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
5 months ago Cybersecuritynews.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Wazuh: Building robust cybersecurity architecture with open source tools - Building a cybersecurity architecture requires organizations to leverage several security tools to provide multi-layer security in an ever-changing threat landscape. Leveraging open source tools and solutions to build a cybersecurity architecture ...
1 year ago Bleepingcomputer.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
1 year ago Techrepublic.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com
Launching Your First Open Source Project - I've been deeply immersed in the world of developer products for the past decade, and let me tell you, I've been quite an open-source enthusiast. Over the years, I've had the pleasure of shepherding open-source projects of all shapes and sizes. ...
1 year ago Feeds.dzone.com Cactus
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
North Korea Launches New Military Based Research Center To Strengthen Hacking Capabilities - The center is designed to research and develop international cyber hacking technologies, representing a substantial shift in the country’s approach to information warfare. The establishment of Research Center 227 comes amid increasing ...
6 months ago Cybersecuritynews.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
1 year ago Scmagazine.com
Threat Actors Weaponizing Open Source Packages to Deliver Malware in Supply Chain Attack - In one campaign linked to North Korean threat actors, Socket.dev researchers discovered a package delivering a loader called “BeaverTail” that stole browser data and cryptocurrency wallet credentials before fetching a more advanced ...
4 months ago Cybersecuritynews.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
1 year ago Cyberdefensemagazine.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 year ago Cyberdefensemagazine.com Akira
The Evolution of Cyber Threats: Past, Present, and Future - Cyber threats have evolved significantly over time, posing increasing risks to individuals, organizations, and governments in our interconnected world. Let's explore the past, present, and future of cyber threats to better understand how to protect ...
1 year ago Securityzap.com
Uncertainty Is the Biggest Challenge to Australia's Cyber Security Strategy - Political shifts could lead to changes in Australia's cyber security strategy. Early in 2023, as the Australian government started to craft its cyber security vision, it met with opposition at both ends of the political spectrum. On the right wing, ...
1 year ago Techrepublic.com
Hackers Abuse Google Services to Send Malicious Law Enforcement Requests - The attack utilizes official Google infrastructure, including the company’s OAuth system and sites.google.com domain, to create messages that appear to come directly from Google’s trusted [email protected] address. A sophisticated ...
4 months ago Cybersecuritynews.com
CVE-2022-49272 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
1 year ago Techrepublic.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
1 year ago Cysecurity.news
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
1 year ago Therecord.media

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)