Tag

supply chain

Oldest Newest URL A-Z URL Z-A Title A-Z Title Z-A Random
Are we PEP 740 yet? šŸ”
https://trailofbits.github.io/are-we-pep740-yet/
 
import-20250527224135 python security supply chain
Added 3 months ago
www.darkreading.com
https://www.darkreading.com/vulnerabilities-threats/critical-flaw-cve-scoring
 
cyber security supply chain
Added 4 weeks ago
GitHub Actions now supports a digest for validating your artifacts at runtime - GitHub Changelog
https://github.blog/changelog/2025-03-18-github-actions-now-supports-a-digest-for-validating-your-artifacts-at-runtime/

Developers using upload-artifact and download-artifact in their Actions workflows can now ensure the integrity of their artifacts with the new SHA256 digest. This feature automatically verifies that the artifact uploadedā€¦

 
import-20250527224135 security supply chain
Added 3 months ago
Using artifact attestations to establish provenance for builds - GitHub Docs
https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds#verifying-artifact-attestations-with-the-github-cli
 
github security supply chain
Added 3 months ago
Artifact Attestations is generally available
https://github.blog/changelog/2024-06-25-artifact-attestations-is-generally-available/

GitHub Artifact Attestations is generally available Weā€™re thrilled to announce the general availability of GitHub Artifact Attestations! Artifact Attestations allow you to guarantee the integrity of artifacts built inside GitHubā€¦

 
github import-20250527224135 security supply chain
Added 3 months ago
https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/
https://www.reuters.com/world/middle-east/dozens-hezbollah-members-wounded-lebanon-when-pagers-exploded-sources-witnesses-2024-09-17/
 
hardware import-20250527224135 security supply chain
Added 3 months ago
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Secu
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/

Introduction Hello, Iā€™m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it. After reading the description, I found that it states it builds new firmware using an online service.

 
cyber import-20250527224135 open source pentest security supply chain vulnerability
Added 3 months ago
reviewdog/action-setup
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
 
actions github import-20250527224135 security supply chain
Added 3 months ago
Recent improvements to Artifact Attestations - GitHub Changelog
https://github.blog/changelog/2025-02-18-recent-improvements-to-artifact-attestations/

We released a collection of improvements to Artifact Attestations to make the verification of attestations easier and more consistent. Artifact Attestations let you create provenance signatures, which provide an unforgeableā€¦

 
github import-20250527224135 security supply chain
Added 3 months ago
AI-hallucinated code dependencies become new supply chain risk
https://www.bleepingcomputer.com/news/security/ai-hallucinated-code-dependencies-become-new-supply-chain-risk/

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names.

 
ai code dependencies import-20250527224135 supply chain vulnerability
Added 3 months ago