software supply chain

Axios has a CVSS 10 bug, risks "full cloud compromise"

"If an attacker can pollute Object.prototype via any other library in the stack (e.g., qs, minimist, ini, body-parser), Axios will automatically..."

Pyongyang, versus Nebraska?

Individual OSS developers are being targeted by nation states…

Hugely popular npm package, Axios, compromised

"This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package."

Open source scanner compromise reveals CI/CD's vulnerable underbelly

"GitHub’s Immutable badge was intended as a trust signal..."

Chainguard eyes CI/CD security with hardened GitHub Actions, looks to ISV images too

The software supply chain startup is also now working with ISVs like Elastic and GitLab to harden their software as well as OSS.

Why SBOMs aren't a silver bullet

"SBOMs describe what ends up in a piece of software, not how it got there. That distinction matters because..."

Hackers drop 'self-propagating' malware in fresh supply chain attack

The malicious code creates a 'cascading compromise effect' into dependent ecosystems across npm's registry.

npm attack: calamity averted, what now?

Protect yourself from malicious "phish" swimming upstream in OSS package consumption.

"s1ngularity" Nx supply chain attack: GitHub, AWS, OpenAI keys stolen

The malware "weaponized AI CLI tools (including Claude, Gemini, and q) to aid in reconnaissance and data exfiltration."
