Content Paint
Search
Sign in
Membership

software supply chain

 |  Data  | Sep 16, 2025
Hackers drop 'self-propagating’ malware in fresh supply chain attack
Hackers drop 'self-propagating’ malware in fresh supply chain attack

The malicious code creates a 'cascading compromise effect' into dependent ecosystems across npm's registry.

 |  Developer  | Sep 10, 2025
npm attack: calamity averted, what now?
npm attack: calamity averted, what now?

Protect yourself from malicious "phish" swimming upstream in OSS package consumption.

 |  Security  | Aug 27, 2025
"s1ngularity" Nx supply chain attack: GitHub, AWS, OpenAI keys stolen
"s1ngularity" Nx supply chain attack: GitHub, AWS, OpenAI keys stolen

The malware "weaponized AI CLI tools (including Claude, Gemini, and q) to aid in reconnaissance and data exfiltration"

 |  Security  | Jul 26, 2025
AWS zero day exploited to access codebase for its AI assistant
AWS CodeBuild vulnerability CVE-2025-8217 exploited

AWS has now "included additional protections against memory dumps within container builds..."

 |  Security  | Jul 22, 2025
Google uses AI tools to limit open source supply chain attacks
A person uses an old viking shield to block someone with a sword. Google's OSS Rebuild platform uses AI to enhance open source security

Google's new open source platform will shield popular dependencies with automations and data visibility tools.

 |  Security  | Jul 08, 2025
A CISO's focus - lessons from the field
A CISO's focus - lessons from the field

Where are CISOs focusing and what makes a good one?

ecommerce  | May 07, 2025
Dormant software backdoor wakes up, puts hundreds of ecommerce stores at risk
A volcano erupts, the backdoor identified by Sansec had laid dormant for as long as six year.

Attackers taking "full control" of ecommerce servers

 |  Security  | Apr 15, 2024
XZ Redux? Social engineering attacks on OSS intercepted
openssf open source social engineering attack

"These emails implored OpenJS to take action to update one of its popular JavaScript projects to ‘address any critical vulnerabilities'"

Security  | Mar 30, 2024
Malicious backdoor, CVSS 10, slipped onto major Linux distributions
Malicious backdoor, CVSS 10, slipped onto major Linux distributions

Poisoned Easter eggs for all: Apparent supply chain attack caught mercifully early…

Interviews, insight, intelligence, and exclusive events for digital leaders.

© 2025 The Stack
©  2025 The Stack

Search the site
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.