🔗 Software Supply Chain

arxiv.org·

Software Dark Matter: Gazing at Uncharted Files to Navigate SBOM Integrations

Covered by Andrew Nesbitt
Feeds
hextrap.com·

Package Firewall with OPA Policies and MCP Support

Covers Open Policy Agent - Homepage | Open Policy Agent
Discussed on Hacker News
Feeds
guaracloud.github.io·

Purple Wolf – A fast, verifiable WAF for Traefik

Discussed on Hacker News
Feeds
GitHub·

Show HN: Marshal – behavioral supply-chain scanner for JVM dependencies

Discussed on Hacker News
Feeds
datanexusmcp.com·

September 2025 NPM Attack Hit 2.6B Weekly Downloads. Most Found Out on Twitter

Covers 2 stories See all stories this covers including The npm Threat Landscape: Attack Surface and Mitigations
Discussed on Hacker News
Feeds
i-programmer.info·

Perplexity Releases The Bumblebee Supply Chain Security Scanner

Covers perplexityai/bumblebee: Read-only inventory collector for package, extension, and developer-tool metadata on macOS and Linux developer endpoints, built for fast supply-chain exposure checks.
Feeds
worklifenotes.com·

CI/CD Security Principles in 2026

Covers Static Analysis for GitHub Actions
Discussed on Hacker News
Feeds
endorlabs.com·

Mastra compromised in supply chain attack

Covered by news.risky.biz
Discussed on Hacker News
Feeds
manveerc.substack.com·

Smarter Models, Dumber Security

Covers 2 stories See all stories this covers including Model Context Protocol And OAuth
Discussed on Substack
Feeds
stepsecurity.io·

Mastra NPM Supply Chain Attack: 140 Packages Backdoor via easy-day-JS Typosquat

Covered by 5 sources See all sources covering this story including thehackernews.com, Malware Analysis, News and Indicators
Discussed on Hacker News
Feeds
hackernoon.com·

GitGuardian Announces Endpoint Protection

Feeds
Determinate Systems·

Nixpkgs Cooldowns

Covers 3 stories See all stories this covers including PSA: AUR is down only on ipv4. Enable ipv6 to get it working again.
Covered by Linuxiac
Discussed on Hacker News
Feeds
johnstawinski.com·

Repo-Jacking Anthropic's Claude Community Plugins (and the SHAs That Saved Them)

Discussed on Hacker News
Feeds
theregister·

Python dev saved from disaster by intuition and AI

Covers 3 stories See all stories this covers including Upcoming breaking changes for npm v12 - GitHub Changelog
Discussed on Hacker News
Feeds
Socket·

Socket Firewall

Covered by Huli's blog
Discussed on Hacker News
Feeds
GitHub·

Muninn: 8 Security scanners in one GitHub Action

Covered by indiehacker.news
Discussed on Hacker News
Feeds
Huntress Blog·

Cybercrime Breaches Klue: Salesforce Data Impacted for Many Victims, including Huntress

Covered by 5 sources See all sources covering this story including BleepingComputer, SecurityWeek
Feeds
tirith.sh·

Detect terminal injection, homograph, and pipe-to-shell attacks

Discussed on Hacker News
Feeds
TNW | Data-Security·

Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required

Covers Active AUR malicious packages incident
Discussed on Hacker News
Feeds
hackernoon.com·

What Are Some Best Practices for Pipeline Security?

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help