🔐 Supply Chain Security
SBOM, dependency security, SLSA, package signing
Supply Chain Security Incident Report
✅ Dev Best Practices · malware.news · 3d
Managing dependencies in non-manifest languages
🗣️ New Languages · news.ycombinator.com · 3h · Hacker News
lightning PyPI Package Compromised in Supply Chain Attack
🔬 eBPF · socket.dev · 11h
Is your connected product ready for the Cyber Resilience Act?
✅ Dev Best Practices · iotinsider.com · 1d
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
🔬 eBPF · theregister.com · 1h
eDySec: A Deep Learning-based Explainable Dynamic Analysis Framework for Detecting Malicious Packages in PyPI Ecosystem
⚙️ MLOps · arxiv.org · 21h
How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM
🔬 eBPF · snyk.io · 1d
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), Canist ...
🔬 eBPF · isc.sans.edu · 3d
Dependency Explorer for NPM, PyPI and Nix
🌐 Open Source · simonramstedt.com · 3h · r/javascript
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
🔬 eBPF · thehackernews.com · 8h
China’s New Supply Chain Security Rules Raise the Risks for Foreign Companies
🛡️ AI Safety · oodaloop.com · 1d
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
🔬 eBPF · semgrep.dev · 8h · Hacker News
PyPI supply chain compromise via GitHub Actions → elementary-data backdoored with .pth infostealer (exec on interpreter startup)
✅ Dev Best Practices · thecybersecguru.com · 2d · r/sysadmin, r/webdev
coreinfrastructure/best-practices-badge sbom-staging-20260425-7c090d42
🔬 eBPF · github.com · 5d
US Considers Tariffs on Display Tech to Curb Reliance on China
🚀 Emerging Tech · moderndiplomacy.eu · 15h
China’s New Supply Chain Security Rules Raise the Risks for Foreign Companies
🔒 Zero Trust · harris-sliwoski.com · 1d
What is a Symbol Server and How Does it Help Debug NuGet?
🔍 Static Analysis · blog.inedo.com · 16h
Show HN: I built a PyPI watchdog that tests whether packages work
🔬 eBPF · sovereignmail.org · 5d · Hacker News
Top open source PyPI package with over 1 million downloads each month hacked to send out malware
🌐 Open Source · techradar.com · 2d
PyTorch Lightning project quarantined by PyPI
⚙️ MLOps · pypi.org · 9h · Hacker News