Supply Chain

Software Bill of Materials, Dependency Confusion, Code Signing, Build Security


Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

 💻Hacking  Content type: Blog
about.gitlab.com·

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

 📦Container Security
thehackernews.com·

From SBOMs to AI BOMs: Why SPDX 3.0 Matters

 🧬Program Synthesis
malware.news·

Upcoming breaking changes for npm v12 - GitHub Changelog

 🌍Browser Exploits  Content type: Blog  Content type: Tutorial

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

 📦Container Security
orca.security·

npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

 🌍Browser Exploits  Content type: Blog
socket.dev·

Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack

 🌍Browser Exploits  Content type: News
thenextweb.com·

Carbon-Aware DevOps: Turning CI/CD Pipelines Into Emissions-Controlled Workloads

 🏗️OS Internals
devops.com·

NCSC Warns Of Rising Software Supply Chain Attacks Targeting Open-Source Packages

 📦Container Security
petri.com·

codacy/codacy-cloud-cli: A command-line tool to interact with Codacy Cloud directly from your terminal.

 📊Static Analysis  Content type: Code
github.com · Hacker News

GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines

 🧠AI Security  Content type: Academic
arxiv.org·

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

 💥Binary Exploitation
securityweek.com·

GitHub pulls pin on npm's auto-run scripts

 🌍Browser Exploits  Content type: News
theregister.com·

Poisoned Pipelines: Invisible Vulnerabilities Threatening CI/CD Security

 📦Container Security  Content type: Blog

someone actually leaked the Miasma supply chain attack toolkit source code on github

 🎯Red Team

GitLab Commands and How to Push Code to GitLab

 📦Container Security  Content type: Code
gitlab.com · DEV

Shai-Hulud Hades PyPI Campaign: 19 Packages Trojanized via Wheel Startup Hooks

 🎯Red Team  Content type: Blog
socradar.io·

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

 🐧eBPF Kernels
it.slashdot.org·

Microsoft pulled 73 GitHub repos after malware attack — but still won’t say who’s compromised

 🌍Browser Exploits
thenewstack.io·

Vulnerability management is reaching the limits of human scale

 🔒Security  Content type: Blog
sysdig.com·
