🔐 Supply Chain Security - michael · Scour

From SBOMs to AI BOMs: Why SPDX 3.0 Matters

5 Software Supply Chain Security Best Practices for Development Teams

🔒Security Blog

Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave

🔒Security Blog

Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

🔒Security Blog

about.gitlab.com·

Trying to make sense of package-manager metadata

debsecan-mcp v0.1.2 released to PyPI

📝Git Blog

Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks

orca.security·

I Replaced Our Commercial Artifact Registry With a Free One After a 5× Renewal Price Hike.

🐷Trufflehog Blog

·

Shai-Hulud Hades PyPI Campaign: 19 Packages Trojanized via Wheel Startup Hooks

🔒Security Blog

Hades PyPI Malware: Miasma Campaign Exploits .pth Startup Hooks

sh.itjust.works·

NCSC Warns Of Rising Software Supply Chain Attacks Targeting Open-Source Packages

Less-relevant results

GlassFish 8.0.3 Released: Performance optimizations and security fixes

omnifish.ee··r/java

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

securityweek.com·

AI Code Review Got Much Better When I Gave It Design Contracts, Not Just Code (Fable5 review)

nuget.org··DEV

Glone: A CLI to back up all your GitHub repositories

📝Git Code

github.com··Hacker News

Release v0.2.90 · anthropics/claude-agent-sdk-python

🤖Agentic AI Code

Five Supply Chain Security Risks Hiding Inside Your Mobile Apps

🔒Security Blog

supplychainbrain.com·

The Day Rust’s Time Utilities Started Stealing Secrets

🐷Trufflehog Blog

·

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

🔒Security News

bleepingcomputer.com·

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

thehackernews.com·

Log in to enable infinite scrolling