🔐 Supply Chain Security
SBOM, dependency security, SLSA, package signing
NCSC Warns Of Rising Software Supply Chain Attacks Targeting Open-Source Packages
🌐 Open Source · petri.com · 21 hours ago
sinewaveai/agent-security-scanner-mcp: Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.
⌨️ CLI Tools · Content type: Code · github.com · 6 days ago · Hacker News
Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting
🛠️ Developer Tools · Content type: Blog · about.gitlab.com · 1 day ago
someone actually leaked the Miasma supply chain attack toolkit source code on github
☸️ Kubernetes · safedep.io · 21 hours ago · Hacker News, r/programming
SAST vs SCA: Key Differences for AppSec Teams
🔍 Static Analysis · orca.security · 1 day ago
You can fork a package, but can you own it?
🔬 eBPF · event-driven.io · 4 hours ago
Securing CI/CD for an open source project: Controlling who runs what
🔬 eBPF · Content type: Blog · cncf.io · 5 days ago
Miasma Worm Compromises 73 Microsoft GitHub Repositories
🛠️ Developer Tools · securityaffairs.com · 18 hours ago
SOC 2 Controls for Non-Human Identities: CC6, CC7, and CC8
☸️ Kubernetes · Content type: Blog · goteleport.com · 1 day ago
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
🔬 eBPF · thehackernews.com · 4 days ago
Five Supply Chain Security Risks Hiding Inside Your Mobile Apps
🛡️ AI Safety · Content type: Blog · supplychainbrain.com · 1 day ago
OWASP Dependency-Track 5.0 Is Now Generally Available
🔌 APIs · Content type: Blog · owasp.org · 1 day ago
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account
🌐 Open Source · hackread.com · 4 days ago
(Video) Connecting vscode to FreeBSD through remote SSH
🛠️ Developer Tools · discoverbsd.com · 5 hours ago
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act
✅ Dev Best Practices · Content type: News · infosecurity-magazine.com · 2 days ago
For the 2nd time in weeks, Microsoft packages laced with credential stealer
🕸️ Distributed Systems · Content type: News · arstechnica.com · 1 day ago · Lobsters, Hacker News
Microsoft identifies seven new ways AI agents can be hacked
✍️ Prompt Engineering · Content type: News · infoworld.com · 4 days ago
Show HN: CI/lock – supply-chain attestation CLI, from the Witness creators
🔬 eBPF · Content type: Blog · cilock.dev · 1 day ago · Hacker News
Meet Hades: The malware that lies to AI security agents
✍️ Prompt Engineering · Content type: News · csoonline.com · 1 day ago
Spring is 23 years old. AI just made it a security emergency.
🤖 AI Engineering · thenewstack.io · 16 hours ago