Content Paint
Search
Sign in
Membership

software supply chain

Security  | Mar 23, 2026
Open source scanner compromise reveals CI/CD's vulnerable underbelly
Open source scanner compromise reveals CI/CD's vulnerable underbelly

"GitHub’s Immutable badge was intended as a trust signal..."

Chainguard  | Mar 18, 2026
Chainguard eyes CI/CD security with hardened Github Actions, looks to ISV images too.
Chainguard eyes CI/CD security with hardened Github Actions, looks to ISV images too.

The software supply chain startup is also now working with ISVs like Elastic and GitLab to harden their software as well as OSS.

 |  software supply chain  | Jan 26, 2026
Why SBOMs aren't a silver bullet
Why SBOMs aren't a silver bullet

"SBOMs describe what ends up in a piece of software, not how it got there. That distinction matters because..."

 |  Data  | Sep 16, 2025
Hackers drop 'self-propagating’ malware in fresh supply chain attack
Hackers drop 'self-propagating’ malware in fresh supply chain attack

The malicious code creates a 'cascading compromise effect' into dependent ecosystems across npm's registry.

 |  Developer  | Sep 10, 2025
npm attack: calamity averted, what now?
npm attack: calamity averted, what now?

Protect yourself from malicious "phish" swimming upstream in OSS package consumption.

 |  Security  | Aug 27, 2025
"s1ngularity" Nx supply chain attack: GitHub, AWS, OpenAI keys stolen
"s1ngularity" Nx supply chain attack: GitHub, AWS, OpenAI keys stolen

The malware "weaponized AI CLI tools (including Claude, Gemini, and q) to aid in reconnaissance and data exfiltration"

 |  Security  | Jul 26, 2025
AWS zero day exploited to access codebase for its AI assistant
AWS CodeBuild vulnerability CVE-2025-8217 exploited

AWS has now "included additional protections against memory dumps within container builds..."

 |  Security  | Jul 22, 2025
Google uses AI tools to limit open source supply chain attacks
A person uses an old viking shield to block someone with a sword. Google's OSS Rebuild platform uses AI to enhance open source security

Google's new open source platform will shield popular dependencies with automations and data visibility tools.

 |  Security  | Jul 08, 2025
A CISO's focus - lessons from the field
A CISO's focus - lessons from the field

Where are CISOs focusing and what makes a good one?

Interviews, insight, intelligence, and exclusive events for digital leaders.

© 2026 The Stack
©  2026 The Stack

Search the site
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.