🔐 Supply Chain Security - michael · Scour

GitHub's Supply Chain Roadmap, Scaling Vulnerability Management with AI, Finding Vulnerabilities Across Repos 📝Git

tldrsec.com·6d

Package Security Problems for AI Agents 🔒Security

nesbitt.io·23h

Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs 💜.NET

arxiv.org·1d

Package Security Problems for AI Agents 🤖Agentic AI

programming.dev·2h

@fairwords npm packages compromised by a self-propagating credential worm - steals tokens, infects other packages you own, then crosses to PyPI 🤝mTLS

safedep.io·1d·Hacker News, r/Malware, r/programming

State Council Publishes "Provisions on Industrial and Supply Chain Security", Establishing Security Investigation and Countermeasure Mechanisms 🔒Linux Hardening

autonews.gasgoo.com·20h

Every dependency you add is a supply chain attack waiting to happen 🔌ESPHome

benhoyt.com·6d·Lobsters, Hacker News, Hacker News, Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust 🐧Linux Kernel

thehackernews.com·1d

DSCSA compliance policies establish 1-year stabilization period for implementing electronic systems 🔒Linux Hardening

fda.gov·15h

North Korea’s Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads 🔒Linux Hardening

socket.dev·1d·Hacker News

Axois NPM Supply Chain Incident 🖥️Homelab

malware.news·5d

.env is safe but your –/.claude is not 🔒Security

github.com·1d·Hacker News

I built an npm scanner and found 21 malicious packages in 24 hours, including 4 new attack vectors targeting AI coding tools 🔒Linux Hardening

yuribm.dev·5d·r/node

camilolb/warden: A security CLI for Node.js developers. Scan for malicious packages, detect typosquatting, monitor outbound connections, enforce license compliance, and audit your supply chain — 100% local, no data ever leaves your machine. 🔒Linux Hardening

github.com·1d·DEV

Axios npm Package Compromised in Supply Chain Attack 💜.NET

infoq.com·6d

I published my first PyPI package few ago. Copycat packages appeared claiming to "outperform" it 🐧Linux

reddit.com·2d·r/Python

SWHID in Practice: SBOM Verification, CRA Compliance, and Traceability Use Cases 💜.NET

toscalix.com·2d

Axios supply chain attack victim posts postmortem to prevent a repeat 🤝mTLS

techzine.eu·6d

China enforces new security rules to defend supply chains from global threats 🔒Security

scmp.com

·1d·r/SCMPauto

Protect Yourself from Litigation due to Unexpected Python License Agreements 📝Git

blog.inedo.com·6d

Loading more...