🔐 Supply Chain Security - jinkai_lau · Scour

A03 Software Supply Chain Failures ✅Dev Best Practices

OpenAI hit by supply chain attack linked to malicious TanStack packages 🌐Open Source

securityaffairs.com·4d

Sigstore is an open source project for improving software supply chain security ✅Formal Verification

docs.sigstore.dev·12h·Hacker News

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft 🔬eBPF

microsoft.com·10h

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages ☸️Kubernetes

QueeNFrisk/OpenSentinel: Open-source supply chain security scanner. Audits Node.js and Bun dependencies for CVEs, credential harvesting, crypto mining, and obfuscated code. Interactive TUI built in Rust. 🔬eBPF

github.com·5d·DEV

GitHub Confirms Hack Impacting 3,800 Internal Repositories 🌐Open Source

securityweek.com·18h

TanStack npm Packages Hit by Mini Shai-Hulud ☸️Kubernetes

Introducing Bitsight Beacon™: Supply Chain Exposure Management for the SOC 📊Observability

bitsight.com·5h

Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development 🔬eBPF

socket.dev·12h

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering 🤖AI Engineering

venturebeat.com·2d

AI Zero-Day Exploit, CI/CD Supply Chain Poisoning, and Vibe-Coded Data Exposure ✅Dev Best Practices

bishopfox.com·5d

Developer Workstations Are Now Part of the Software Supply Chain 🛠️Developer Experience

thehackernews.com·2d

GitHub confirms hackers stole data from 3,800 internal repositories: What we know so far ✅Dev Best Practices

indianexpress.com·1h

Mini Shai-Halud hackers publish over 600 compromised npm packages — developers warned to be on their guard 🔬eBPF

·12h

SLMA: A Modest Proposal for Supply-Chain Levels for Media Artifacts ✅Formal Verification

noosphere.tech·2d·Hacker News

Building AI-assisted threat hunting for npm supply chain attacks 🔬eBPF

derivai.substack.com·6d·r/netsec

Difference between revisions of "ELC 2026 Presentations" 🔬eBPF

Finding Unpinned and Unpinnable GitHub Actions Across Your Org 🗣️New Languages

pavel.gr·2d·Hacker News

The software supply chain is the new ground zero for enterprise cyber risk. Don’t get caught short 🤖AI Engineering

siliconangle.com·5d

Log in to enable infinite scrolling