🔗 Supply Chain Attacks - buckman

🔒Cybersecurity Discussion

news.ycombinator.com··Hacker News

I Researched the Red Hat npm Incident — Here's What Every Developer Should Know

📦Dependency Confusion Code

github.com··DEV

someone actually leaked the Miasma supply chain attack toolkit source code on github

🐙GitHub

safedep.io··Hacker News, r/programming

Eliminating long-lived credentials with trusted publishing

🔒Cybersecurity

lwn.net

Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

💻WMI Abuse Blog

about.gitlab.com·

New IronWorm malware hits 36 packages in npm supply-chain attack

📦Dependency Confusion

bleepingcomputer.com··Hacker News

Organizations struggle with third-party risk management after vendor approval | TechTarget

🔗Supply Chain Intelligence News

techtarget.com

OWASP Dependency-Track 5.0 Is Now Generally Available

📋SBOM Blog

owasp.org·

sinewaveai/agent-security-scanner-mcp: Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

🔒Security Code

github.com··Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

📦Package Managers

thehackernews.com··r/programming

The NVD Backlog Is a Symptom. Vulnerability Management Has a Scaling Problem

🔓Vulnerability Research Blog

nowsecure.com·

CVE Lite CLI closes dependency gap — but won't stop modern threats

🔒Cybersecurity Blog

reversinglabs.com·

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

🐙GitHub

thehackernews.com·

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

📦Dependency Confusion

thehackernews.com·

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

📦Dependency Confusion

it.slashdot.org·

NCSC Warns Of Rising Software Supply Chain Attacks Targeting Open-Source Packages

Software supply chain attacks: check your dependencies

Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks

The Median App and the Median User-Minute

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

Supply chain attack alert: .github/setup.js

I Researched the Red Hat npm Incident — Here's What Every Developer Should Know

someone actually leaked the Miasma supply chain attack toolkit source code on github

Eliminating long-lived credentials with trusted publishing

Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

New IronWorm malware hits 36 packages in npm supply-chain attack

Organizations struggle with third-party risk management after vendor approval | TechTarget

OWASP Dependency-Track 5.0 Is Now Generally Available

sinewaveai/agent-security-scanner-mcp: Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

The NVD Backlog Is a Symptom. Vulnerability Management Has a Scaling Problem

CVE Lite CLI closes dependency gap — but won't stop modern threats

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack