Content Paint
Search
Sign in
Membership

software supply chain

 |  Security  | Aug 27, 2025
"s1ngularity" Nx supply chain attack: GitHub, AWS, OpenAI keys stolen
"s1ngularity" Nx supply chain attack: GitHub, AWS, OpenAI keys stolen

The malware "weaponized AI CLI tools (including Claude, Gemini, and q) to aid in reconnaissance and data exfiltration"

 |  Security  | Jul 26, 2025
AWS zero day exploited to access codebase for its AI assistant
AWS CodeBuild vulnerability CVE-2025-8217 exploited

AWS has now "included additional protections against memory dumps within container builds..."

 |  Security  | Jul 22, 2025
Google uses AI tools to limit open source supply chain attacks
A person uses an old viking shield to block someone with a sword. Google's OSS Rebuild platform uses AI to enhance open source security

Google's new open source platform will shield popular dependencies with automations and data visibility tools.

 |  Security  | Jul 08, 2025
A CISO's focus - lessons from the field
A CISO's focus - lessons from the field

Where are CISOs focusing and what makes a good one?

ecommerce  | May 07, 2025
Dormant software backdoor wakes up, puts hundreds of ecommerce stores at risk
A volcano erupts, the backdoor identified by Sansec had laid dormant for as long as six year.

Attackers taking "full control" of ecommerce servers

 |  Security  | Apr 15, 2024
XZ Redux? Social engineering attacks on OSS intercepted
openssf open source social engineering attack

"These emails implored OpenJS to take action to update one of its popular JavaScript projects to ‘address any critical vulnerabilities'"

Security  | Mar 30, 2024
Malicious backdoor, CVSS 10, slipped onto major Linux distributions
Malicious backdoor, CVSS 10, slipped onto major Linux distributions

Poisoned Easter eggs for all: Apparent supply chain attack caught mercifully early…

 |  CISA  | Feb 12, 2024
How secure is your package repo? CISA defines four levels of security maturity, starting at zero
How secure is your package repo? CISA defines four levels of security maturity, starting at zero

"Package managers are at a critical point in the open source ecosystem and have the capability to scale security improvements across open source ecosystems"

SolarWinds  | Oct 31, 2023
SolarWinds sued by SEC over 2019 monster hack, CISO also charged with fraud, control failures
SolarWinds sued by SEC, SolarWinds CISO also charged with fraud

SolarWinds’ poor controls... false and misleading statements and omissions, and the other misconduct... would have violated the federal securities laws even if SolarWinds had not experienced a major, targeted cybersecurity attack"

Interviews, insight, intelligence, and exclusive events for digital leaders.

© 2026 The Stack
©  2026 The Stack

Search the site
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.