Supply Chain

Software Bill of Materials, Dependency Confusion, Code Signing, Build Security


Malware Insights: Miasma Campaign

Malware Analysis
cookie.engineer (via Hacker News)

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

Security
securityweek.com

The Worm in the Supply Chain: How Defender for Endpoint and Sentinel for SAP BTP Caught Shai-Hulud

Malware Analysis

You can fork a package, but can you own it?

Security
event-driven.io

Vulnerability and malware checks in uv

Unikernels
Content type: Blog

81% of teams ship broken code: Mythos made that inexcusable

AI Security
techradar.com

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

Browser Exploits
thenextweb.com

Minimus Announces General Availability of Supply Chain Protection and minicli

Container Security
nextbigfuture.com

My experience rejuvenating CI/CD infrastructure with AI | TechTarget

AI Security
techtarget.com

GlassFish 8.0.3 Released: Performance optimizations and security fixes

Security
omnifish.eer/java

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections

Browser Exploits
Content type: News
theregister.com (via Hacker News)

debsecan-mcp v0.1.2 released to PyPI

Binary Exploitation
Content type: Blog
copyninja.in

#069 - Anthropic's Fable 5 can silently get dumber, Apple's container ships Docker-killer Linux VMs

Unikernels
indiehacker.news

docs(release): fix sequential patch numbering · openclaw/openclaw@fb9dc86

Browser Exploits
Content type: Code
github.com

How 56 npm packages used binding.gyp to steal CI/CD secrets

Browser Exploits
Content type: Blog
reversinglabs.com

If You Use Claude or Gemini, This Microsoft Breach Means Your Data Is at Risk

Browser Exploits
scienspire.com (via Hacker News)

Supply chain attacks: is a Kessler Syndrome for OSS a risk worth acknowledging?

Security

Code is being written everywhere, and the device is the only constant

Incident Response
Content type: Blog
aikido.dev

pnpm 11.5 Adds Support for Recognizing npm Staged Publishes

Browser Exploits
Content type: Blog
socket.dev

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Network Security
Content type: News
bleepingcomputer.com