supply chain
Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack - Phoronix
https://www.phoronix.com/news/Arch-Linux-AUR-More-Malware
Added 6 days ago
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
https://www.theregister.com/security/2026/05/22/megalodon-chums-the-waters-in-55k-github-repo-poisonings/5245342
Added 3 weeks ago
Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised - Real-time Open Source Software Supply Chain Security
https://safedep.io/mini-shai-hulud-strikes-again-314-npm-packages-compromised/
Added 4 weeks ago
Postmortem: TanStack NPM supply-chain compromise
https://tanstack.com/blog/npm-supply-chain-compromise-postmortem
Added 1 month ago
[email protected] and [email protected] are compromised · Issue #10604 · axios/axios · GitHub
https://github.com/axios/axios/issues/10604#issuecomment-4160410930
Added 2 months ago
Judge blocks Pentagon effort to 'punish' Anthropic with supply chain risk label
https://www.cnn.com/2026/03/26/business/anthropic-pentagon-injunction-supply-chain-risk
Added 2 months ago
TeamPCP deploys CanisterWorm on NPM following Trivy compromise
https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise
Added 2 months ago
Statement on the comments from Secretary of War Pete Hegseth
https://www.anthropic.com/news/statement-comments-secretary-war
Added 3 months ago
Sandwich Bill of Materials
https://nesbitt.io/2026/02/08/sandwich-bill-of-materials.html
Added 4 months ago
Supply Chain Vuln Compromised Core AWS GitHub Repos & Threatened the AWS Console
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
Added 5 months ago
We all dodged a bullet - Xe Iaso
https://xeiaso.net/notes/2025/we-dodged-a-bullet/
Added 9 months ago
The Critical Flaw in CVE Scoring
https://www.darkreading.com/vulnerabilities-threats/critical-flaw-cve-scoring
Added 10 months ago
Using artifact attestations to establish provenance for builds - GitHub Docs
https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds#verifying-artifact-attestations-with-the-github-cli
Added 1 year ago
AI-hallucinated code dependencies become new supply chain risk
https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/
Added 1 year ago
reviewdog/action-setup
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
Added 1 year ago
GitHub Actions now supports a digest for validating your artifacts at runtime - GitHub Changelog
https://github.blog/changelog/2025-03-18-github-actions-now-supports-a-digest-for-validating-your-artifacts-at-runtime/
Added 1 year ago
Recent improvements to Artifact Attestations - GitHub Changelog
https://github.blog/changelog/2025-02-18-recent-improvements-to-artifact-attestations/
Added 1 year ago
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Secu
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Added 1 year ago
https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/
Added 1 year ago
Artifact Attestations is generally available
https://github.blog/changelog/2024-06-25-artifact-attestations-is-generally-available/
Added 1 year ago