Software Supply Chain

🔗 Software Supply ChainSpecific

supply chain security, dependency risk, open source vulnerabilities, package security

Feeds to Scour
SubscribedAll
Scoured 32 posts in 27.9 ms
arXiv·

What You See Is Not What You Execute: Memory-Based Runtime SBOM Generation for Supply Chain Security

Feeds
BleepingComputer·

LastPass confirms data breach in Klue supply chain attack

Covers Klue Supply Chain Incident & LastPass Response
Covered by 3 sources See all sources covering this story including sh.itjust.works, TechRadar
Discussed on Hacker News
Feeds
zwischenzugs·

Reinventing The Wheel, Now At A Bargain Price!

Covers 2 stories See all stories this covers including npm Blog Archive: Details about the event-stream incident
Discussed on Hacker News
Feeds
guaracloud.github.io·

Purple Wolf – A fast, verifiable WAF for Traefik

Discussed on Hacker News
Feeds
cyber.netsecops.io·

Malicious AI 'Skills' on OpenClaw's ClawHub Marketplace Bypass Scanners

Discussed on Hacker News
Feeds
datanexusmcp.com·

September 2025 NPM Attack Hit 2.6B Weekly Downloads. Most Found Out on Twitter

Covers 2 stories See all stories this covers including The npm Threat Landscape: Attack Surface and Mitigations
Discussed on Hacker News
Feeds
I Programmer·

Perplexity Releases The Bumblebee Supply Chain Security Scanner

Covers perplexityai/bumblebee: Read-only inventory collector for package, extension, and developer-tool metadata on macOS and Linux developer endpoints, built for fast supply-chain exposure checks.
Feeds
worklifenotes.com·

CI/CD Security Principles in 2026

Covers Static Analysis for GitHub Actions
Discussed on Hacker News
Feeds
Flox·

Mitigating Shai-Hulud Attacks with Hermetic Builds

Covers Widespread Supply Chain Compromise Impacting NPM Ecosystem
Discussed on Hacker News and r/NixOS
Feeds
Trail of Bits Blog·

Introducing Patch the Planet

Covers 4 stories See all stories this covers including The AGENTS.md Standard: A simple, open format for guiding coding agents
Covered by 6 sources See all sources covering this story including Python Insider, The Register
Feeds
GitHub·

Muninn: 8 Security scanners in one GitHub Action

Covered by indiehacker.news
Discussed on Hacker News
Feeds
openaca.dev·

AI agent security needs a composition graph, not just an SBOM

Discussed on Hacker News
Feeds
johnstawinski.com·

Repo-Jacking Anthropic's Claude Community Plugins (and the SHAs That Saved Them)

Discussed on Hacker News
Feeds
The GitHub Blog·

Advocating for fixes to California AI Transparency Act to protect open source

Covers Code of Practice on Transparency of AI-Generated Content
Discussed on Hacker News
Feeds
tirith.sh·

Detect terminal injection, homograph, and pipe-to-shell attacks

Discussed on Hacker News
Feeds
Search CIO
·

Nvidia adopts OpenBAO, open source fork of HashiCorp's Vault

Covers SOPS is an editor of encrypted files
Discussed on Hacker News and r/opensource
Feeds
GitHub·

Keystone – deterministic execution vault with replay‑verifiable proof

Discussed on Hacker News
Feeds
dragos.com·

Accenture Aquires Majority Stake in Dragos

Covers runZero: Exposure Management
Discussed on Hacker News
Feeds
manifold.security·

ClawHub's 23 plugins squat the official @openclaw and @clawhub scopes

Covered by Help Net Security
Discussed on Hacker News
Feeds
CSO Online·

Cybersecurity is no longer about protection. It’s about survival.

Discussed on Hacker News
Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help