Forem

# supplychain

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.
piiiico profile
Pico

MCPwn Is Live. We Scanned the Supply Chains of 14 MCP Servers. Here's What We Found.

#security #mcp #supplychain #javascript
Comments
5 min read
One Year of Liberation Day: What the Tariff Rollout Actually Revealed About AI Infrastructure
david_aronchick_ea415de50 profile

One Year of Liberation Day: What the Tariff Rollout Actually Revealed About AI Infrastructure

#ai #infrastructure #supplychain #distributedcomputing
Comments
8 min read
161 verified AI package hallucinations across 8.5M indexed — open dataset
depscope profile

161 verified AI package hallucinations across 8.5M indexed — open dataset

#ai #security #supplychain #mcp
Comments
4 min read
Two Independent Attack Surfaces: Why npm Provenance Doesn't Make a Package Safe
piiiico profile
Pico

Two Independent Attack Surfaces: Why npm Provenance Doesn't Make a Package Safe

#npm #security #javascript #supplychain
Comments
3 min read
Two Types of npm Supply Chain Attack: What Catches Each
piiiico profile
Pico

Two Types of npm Supply Chain Attack: What Catches Each

#npm #security #supplychain #javascript
Comments
5 min read
certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.
piiiico profile
Pico

certifi has 350M weekly downloads and one publisher. It handles your SSL certificates.

#python #security #supplychain #npm
Comments
4 min read
Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring
michael_onyekwere profile

Four MCP packages, four ways the supply chain shifted in two weeks of npm monitoring

#security #supplychain #mcp #npm
Comments
7 min read
Slopsquatting in Python: What 205,474 Hallucinated Package Names Mean for Your Supply Chain
duriantaco profile

Slopsquatting in Python: What 205,474 Hallucinated Package Names Mean for Your Supply Chain

#python #security #ai #supplychain
Comments
8 min read
Hacking GitHub: From Tag Rewrites to Dangling Commits, Where the Git Protocol Trusts You Without Checking
Cover image for Hacking GitHub: From Tag Rewrites to Dangling Commits, Where the Git Protocol Trusts You Without Checking
kanywst profile
kt

Hacking GitHub: From Tag Rewrites to Dangling Commits, Where the Git Protocol Trusts You Without Checking

#security #github #git #supplychain
Comments
19 min read
I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time
Cover image for I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time
kanywst profile
kt

I built chainscope: reading supply chain attacks across 6 surfaces, one slide at a time

#showdev #security #supplychain
Comments
7 min read
SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier
Cover image for SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier
kanywst profile
kt

SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier

#security #supplychain #slsa #sigstore
Comments
11 min read
Why Did Docker Abandon TUF?: A Turbulent History of Container Signing
Cover image for Why Did Docker Abandon TUF?: A Turbulent History of Container Signing
kanywst profile
kt

Why Did Docker Abandon TUF?: A Turbulent History of Container Signing

#security #docker #supplychain #sigstore
2
Comments
10 min read
The power adapter was the attack
randomchaos profile
RC

The power adapter was the attack

#hardwareimplant #supplychain #physicalsecurity #redteam
Comments
7 min read
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Are Not.
piiiico profile
Pico

The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Are Not.

#security #npm #javascript #supplychain
Comments
3 min read
A postcard breached a warship
randomchaos profile
RC

A postcard breached a warship

#physicalsecurity #iotthreats #redteam #supplychain
Comments
5 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.