#supplychainsecurity

Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
SnykSec for Snyk, Apr 29
#supplychainsecurity #python #kubernetes #docker
9 min read

AI Hallucinated Dependencies Are the New Supply Chain Attack: How to Stop Them
Toni Antunovic, Apr 28
#supplychainsecurity #aicode #npm #security
8 min read

Supply Chain Security Proxy: Move Beyond Vulnerability Scanning
DevOps Start, Apr 28
#supplychainsecurity #artifactprovenance #slsaframework #devsecopspipeline
8 min read

GitHub Actions Security: How to Stop Secret Leaks in CI/CD
DevOps Start, Apr 20
#githubactionssecurity #oidcauthentication #cicdhardening #supplychainsecurity
7 min read

How Attackers Turned Trivy Into a Weapon Against Cisco
RC, Apr 20
#supplychainsecurity #threatintelligence #shinyhunters #ciscobreach
4 min read

Cisco's Source Code Breach Was Structural, Not Accidental
RC, Apr 20
#cybersecurity #databreach #supplychainsecurity #secretsmanagement
3 min read

Governing Security in the Age of Infinite Signal – From Discovery to Control
SnykSec for Snyk, Apr 11
#applicationsecurity #devsecops #supplychainsecurity #vulnerabilityinsights
7 min read

Supply chain security for dependencies
binadit, Apr 7
#supplychainsecurity #dependencymanagement #vulnerabilityscanning #npmsecurity
3 min read

JPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?
SnykSec for Snyk, Apr 24
#iacsecurity #opensourcesecurity #supplychainsecurity #vulnerabilityinsights
6 min read

Supermicro GPU Smuggling: What the Indictment Reveals
Simon Paxton, Mar 21
#semiconductorindustry #supplychainsecurity #exportcontrols #aihardware
7 min read

The Vulnerability Scanner That Became the Vulnerability
Peter Nasarah Dashe, Mar 31
#cybersecurity #devsecops #opensource #supplychainsecurity
1 reaction, 2 comments, 2 min read

How to Detect and Recover From a Compromised Container Scanner
Alan West, Mar 23
#security #containers #devops #supplychainsecurity
5 min read

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
SnykSec for Snyk, Apr 1
#supplychainsecurity
1 reaction, 9 min read

Should RubyGems/Bundler Have a Cooldown Feature?
SHIBATA Hiroshi, Mar 19
#ruby #security #supplychainsecurity #packaging
56 reactions, 5 comments, 4 min read

18,883 MCP servers. Five Chinese tech giants joined this week. Zero security audits.
nasuy, Mar 26
#ai #security #mcp #supplychainsecurity
7 reactions, 3 min read