supply chain security

The Future Of GitHub Actions Security And What You Can Do Right Now

The Future Of GitHub Actions Security And What You Can Do Right Now

| | supply chain security
GitHub is hardening Actions with deterministic dependencies, scoped secrets, and policy controls. Teams still need immediate detection and remediation for today’s risk ...
GitGuardian Blog - Take Control of Your Secrets Security

Axios Front-End Library npm Supply Chain Poisoning Alert

| | Axios, Blog, Emergency Response, Javascript, node.js, npm, supply chain security
Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install

| | Application Security, malicious packages, supply chain security
See how the attack works, what to look for, and how to remediate ...
Mend
Security at Scale: How Open VSX Is Raising the Bar

Security at Scale: How Open VSX Is Raising the Bar

| | DevSecOps, open source, supply chain security, VS Code
Security work is often most visible when something goes wrong: a compromised package, a leaked credential, a typosquatted extension, an abused automation token. In those moments, it becomes clear that software infrastructure ...
Security Boulevard

Famous Telnyx Pypi Package compromised by TeamPCP

| | Application Security, malicious packages, supply chain security
See how the attack works, what to look for, and how to remediate ...
Mend

TeamPCP Supply Chain Attack Part 2: LiteLLM PyPI Credential Stealer

| | Application Security, malicious packages, supply chain security
Check and fix your install for the new LiteLLM PyPI compromise ...
Mend
AI Agents That Actually Fix Your Secrets Problem: GitGuardian + CyberArk MCP Demo

Honeytokens on the Developer Workstation: When Cleanup Takes Time

| | supply chain security
Plaintext secrets on developer machines create real supply chain risk. Honeytokens provide early detection while stronger identity-based controls are rolled out ...
GitGuardian Blog - Take Control of Your Secrets Security

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

| | Application Security, Dependency Updates, malicious packages, supply chain security
On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same ...
Mend
supply chain software

The Silent Supply Chain: Why Your Fourth-Party Vendor is Your Biggest Blindspot 

| | AI‑driven risk, BlackSuit ransomware, cascade risk, CDK Global, continuous monitoring, critical supplier, dynamic prioritization, fourth‑party risk, Incident Response, questionnaires are broken, Security Automation, security ratings, supply chain security, supply‑chain resilience, third‑party mapping, third‑party risk, vendor dependency, Vendor Risk Management, vendor supply chain visibility., vulnerability intelligence
The CDK Global breach exposed how niche vendors can cripple entire industries. Move beyond questionnaires to continuous, AI-driven monitoring of third-, fourth- and nth‑party dependencies, dynamic prioritization, and threat‑informed supply‑chain risk management ...
Security Boulevard
Anthropic and Claude: 2026 AI Powerhouse

Anthropic and Claude: 2026 AI Powerhouse

| | AI Security, Government security, supply chain security
In early 2026, the image of Anthropic as a cautious, safety-oriented "research lab" has effectively been replaced by its reality: a $380 billion enterprise software powerhouse ...
Security, Decoded: Insights from Suzu Labs
Load more