Content Paint
Search
Sign in
Membership

software supply chain

 |  software supply chain  | Jun 02, 2026
Red Hat packages injected with worm in supply chain attack
Red Hat packages injected with worm in supply chain attack

"The malware now generates a uniquely encrypted payload for each infection, making hash-based IOCs useful only for a specific package version"

 |  Security  | May 31, 2026
IBM muscles into OSS security space with $5 billion “Lightwell” project
IBM muscles into OSS security space with $5 billion “Lightwell” project

"Unsexy infrastructure" - An 800-pound gorilla just entered the OSS security space

GitHub  | May 20, 2026
GitHub breached: 3,800 private repos exfiltrated
GitHub breached: 3,800 private repos exfiltrated

One poisoned extension. One trusted developer. Goodbye, private repositories. Claude Code configurations being targeted.

Axios  | Apr 13, 2026
Axios has a CVSS 10 bug, risks "full cloud compromise"
Axios has a CVSS 10 bug, risks "full cloud compromise"

"If an attacker can pollute Object.prototype via any other library in the stack (e.g., qs, minimist, ini, body-parser), Axios will automatically..."

 |  software supply chain  | Apr 06, 2026
Pyongyang, versus Nebraska?
Pyongyang, versus Nebraska?

Individual OSS developers are being targeted by nation states…

Security  | Mar 31, 2026
Hugely popular npm package, Axios, compromised
Hugely popular npm package, Axios, compromised

“This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package."

Security  | Mar 23, 2026
Open source scanner compromise reveals CI/CD's vulnerable underbelly
Open source scanner compromise reveals CI/CD's vulnerable underbelly

"GitHub’s Immutable badge was intended as a trust signal..."

Chainguard  | Mar 18, 2026
Chainguard eyes CI/CD security with hardened Github Actions, looks to ISV images too.
Chainguard eyes CI/CD security with hardened Github Actions, looks to ISV images too.

The software supply chain startup is also now working with ISVs like Elastic and GitLab to harden their software as well as OSS.

 |  software supply chain  | Jan 26, 2026
Why SBOMs aren't a silver bullet
Why SBOMs aren't a silver bullet

"SBOMs describe what ends up in a piece of software, not how it got there. That distinction matters because..."

Interviews, insight, intelligence, and exclusive events for digital leaders.

© 2026 The Stack
©  2026 The Stack

Search the site
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.