Login
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com) by OuterVale | view | 258 comments
Supply chain attacks are exploiting our assumptions
(blog.trailofbits.com) by crescit_eundo | view | 52 comments
Supply Chain Attack on Trivy
(wiz.io) by tiri | view | 5 comments
Dutch chipmaker Nexperia urges Chinese units to help restore supply chain
(reuters.com) by ilamont | view | 1 comments
Iran War Exposes America's Unfixed Supply Chains
(prospect.org) by caminante | view | 1 comments
Supply Chain Alert: Sipeed's Official COMTools Software Flagged as Trojan
by dripmet | view | 2 comments
Trivy Supply Chain Attack Expands to Compromised Docker Images
(socket.dev) by feross | view | 2 comments
The AI frenzy is causing a worldwide supply chain crisis, as prices soar
(nypost.com) by 1vuio0pswjnm7 | view | 2 comments
Anthropic Sues Pentagon over 'Supply Chain Risk' Label
(nytimes.com) by budoso | view | 0 comments
Department of War Designates Anthropic Supply Chain Risk
(twitter.com) by jacobedawson | view | 0 comments
Microsoft Signing Transparency: Secure Software Supply Chains
(azure.microsoft.com) by speckx | view | 0 comments
SHA1-Hulud, NPM supply chain incident
(snyk.io) by tsenturk | view | 0 comments
Shai-Hulud Strikes Again, Again. (NPM Supply Chain Attack)
(socket.dev) by pvtmert | view | 1 comments
Nix Sucks; Everything Else Is Worse: Building Better Software Supply Chains [video]
(youtube.com) by todsacerdoti | view | 0 comments
Metals are key to the global economy – three challenges threaten supply chains
(nature.com) by zeristor | view | 1 comments
Ongoing NPM supply chain attack uses binding.gyp to spread like a worm
(github.com) by varunsharma07 | view | 0 comments
OpenAI caught NPM supply chain chaos after employeedevices compromised
(theregister.com) by Timofeibu | view | 0 comments
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain
(socket.dev) by tosh | view | 0 comments
From SWE to PM: To go for digital management or Supply chain management
by bmahal | view | 0 comments
Federal Court Denies Anthropic's Motion to Lift 'Supply Chain Risk' Label
(nytimes.com) by 1vuio0pswjnm7 | view | 0 comments
Supply chain anomalies in your own Windows 11 install (5 PowerShell commands)
(archive.org) by FireTroyan | view | 0 comments
Federal judge blocks Pentagon from branding Anthropic a supply chain risk
(apnews.com) by glitcher | view | 0 comments
The Trivy Supply Chain Attack Reached LiteLLM
(grith.ai) by edf13 | view | 0 comments
The software supply chain has a new problem: AI agents
(safedep.io) by Sudhanshu2310 | view | 0 comments
Anthropic Supply Chain Risk designation takes effect
(mayerbrown.com) by gone35 | view | 0 comments
Anthropic sues Defense Department over supply chain risk designation
(techcrunch.com) by antimora | view | 0 comments
"We do not think Anthropic should be designated as a supply chain risk"
(twitter.com) by golfer | view | 0 comments
Anthropic says it will challenge Pentagon supply chain risk designation in court
(reuters.com) by Jimmc414 | view | 0 comments
Supply Chain Vuln Compromised Core AWS GitHub Repos Threatening the AWS Console
(wiz.io) by uvuv | view | 0 comments
Show HN: I built a D2C supply chain for my village's Makhana farmers using Bolt
(earthborn-barsoi.vercel.app) by Vikkyv | view | 3 comments
Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets
(wiz.io) by samuel246 | view | 1 comments
GitLab discovers widespread NPM supply chain attack
(about.gitlab.com) by soheilpro | view | 1 comments
Zapier just had a supply chain attack
by hoppp | view | 1 comments
Supply Chain Security made the OWASP Top Ten, this changes nothing
(anchore.com) by birdculture | view | 0 comments
SBoM Diffing: Next Frontier for Supply Chain Security
(worklifenotes.com) by taleodor | view | 0 comments
Miasma Supply Chain Attack Toolkit Source Code Leaked on GitHub
(safedep.io) by birdculture | view | 0 comments
Config Files That Run Code: Supply Chain Security Blindspot
(safedep.io) by signa11 | view | 0 comments
NPM-Scan: Detecting Six Major NPM Supply Chain Campaigns (June 2026)
(npmjs.com) by lateos-ai | view | 0 comments
Saisca – offline supply chain risk analyzer (Excel/CSV → insights)
(github.com) by cayincoorts | view | 0 comments
Supply chaing attack alert: .github/setup.js
by antihero | view | 0 comments
NPM-Scan v1.1.0: Four New Detectors for June 2026 Supply Chain Attacks
(github.com) by lateos-ai | view | 1 comments
Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp
(stepsecurity.io) by gaurang_tandon | view | 0 comments
OpenAI Codex tool linked to malicious NPM supply chain attack
(techradar.com) by ChicknNuggt | view | 0 comments
Update on supply chain compromise of Red Hat cloud-services NPM packages
(access.redhat.com) by dralley | view | 0 comments
NPM-Scan: Detecting Supply Chain Attacks (100% Validation on Real Campaigns)
(npmjs.com) by lateos-ai | view | 0 comments
Show HN: Lateos/NPM-scan – open-source NPM supply chain scanner, v0.18.3
(npmjs.com) by lateos-ai | view | 0 comments
DepsGuard – Guard your dependencies against supply chain attacks
(depsguard.com) by eustoria | view | 0 comments
RHSB-2026-006 Supply chain compromise of RedHat-cloud-services NPM packages
(access.redhat.com) by dralley | view | 0 comments
Supply Chain DLP: Stop Leaked .env Files, Credentials, SSH Keys, and API Tokens
(scdlp.io) by ronreiter | view | 0 comments
Miasma supply chain attack: malicious code found in RedHat-cloud-services NPM
(snyk.io) by jruohonen | view | 0 comments