software supply chain
+ we STACKUP the latest funding rounds, and the first software supply chain security Magic Quadrant
Eight leaders; not a “challenger” in sight, but some pointed words.
"The malware now generates a uniquely encrypted payload for each infection, making hash-based IOCs useful only for a specific package version"
One poisoned extension. One trusted developer. Goodbye, private repositories. Claude Code configurations being targeted.
"If an attacker can pollute Object.prototype via any other library in the stack (e.g., qs, minimist, ini, body-parser), Axios will automatically..."
“This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package."