Tag feed

#supplychainsecurity

34 posts2 followers

Trending tags this week

The Quiet Places Attackers Enter

May 16 · 10 min read · A 404 Founders field note on Exchange, SD-WAN, poisoned packages, and fake AI repositories. Abstract Some weeks in cybersecurity feel like a list of unrelated fires. This week had a clearer shape. Ex

Join discussion

AUAmaan Ul Haq Siddiquiamaanx86.hashnode.dev

0

End-to-End Supply Chain Security for a Go Project: TUF on CI, cosign, and SLSA L3

Apr 15 · 12 min read · Adding cosign sign to a CI pipeline and calling it "signed releases" is a bit like putting a lock on a glass door. The lock works. The glass does not. Signing the image proves a specific digest was si

Join discussion

Aanhblog.anh.sh

0

Why (and How) I Built a Go AI SDK

Apr 7 · 9 min read · GoAI, a Go (Golang) LLM library: 22+ providers, 2 dependencies, type-safe generics. v0.6.1, Go 1.25+. I built it to learn Go by adding AI to infrastructure that already runs on Go. The Go AI SDK lan

Join discussion

HKHare Krishna Raiblog.harekrishnarai.me

0

Axios malicious package: what developers and defenders should check

Apr 4 · 5 min read · Why this matters Software supply chain attacks are landing one after another. Recent incidents involving Trivy, Checkmarx KICS, LiteLLM, Telnyx, and now Axios show the same pattern: compromise trusted

Join discussion

SMShubham Mishrasammy-secops.hashnode.dev

1

From Security Tool to Credential Stealer: The TeamPCP Trivy Supply Chain Attack

Apr 3 · 40 min read · TL;DR — Read This First On March 19, 2026 at approximately 17:43 UTC, threat actor group TeamPCP silently redirected trivy-action@0.34.2 — a real, trusted release already running in thousands of CI/CD

CCorrelic commented

SDSylvester Dasblog.minifyn.com

0

Beyond Log4Shell: Fortifying Your Defenses Against the Next Cyber Crisis

Mar 31 · 3 min read · The Log4Shell vulnerability sent shockwaves through the tech world, exposing critical weaknesses in our software supply chains. But was it just a harbinger of what's to come, and are we truly prepared

Join discussion

AEArinze Egbo (NrArinze)apexxsynapse.hashnode.dev

0

Hardening the CI/CD Pipeline: Transitioning to ML-DSA and Stateless Signatures

Mar 5 · 3 min read · The Silent Threat to Software Integrity Most modern DevOps pipelines rely on RSA or ECDSA to sign binaries, Docker images, and commits. While these are secure against classical computers, a cryptograp

Join discussion

MDMike Darlingtonblog.darlington.dev

0

The Markdown Attack Nobody's Talking About.

Feb 5 · 8 min read · I ran ls ~/.claude/skills/ the other day and found SKILL.md files I don't remember installing. Probably grabbed them from some GitHub link in a Discord thread months ago at like 2am. Opened one up, it was fine, just boring config stuff. But it could ...

Join discussion

CCYBERDUDEBIVASHcyberdudebivash.hashnode.dev

0

Why the TrustWallet "Chrome Extension" is a Security Disaster

Dec 26, 2025 · 12 min read · Author:CyberDudeBivashPowered by:CyberDudeBivash Brand |cyberdudebivash.comRelated:cyberbivash.blogspot.com Daily Threat Intel by CyberDudeBivashZero-days, exploit breakdowns, IOCs, detection rules & mitigation playbooks.Follow on LinkedInApps & Sec...

Join discussion

YKYoussef Khouidi01tek.hashnode.dev

0

NPM = Wild Wild West: It's Time to Stop the Madness

Nov 29, 2025 · 3 min read · For decades, the JavaScript ecosystem has been a welcoming, innovative space where anyone can publish and share code. It's been beautiful. It's democratized software development. But it's also been a security nightmare. We've Been Here Before Remembe...

Join discussion

#supplychainsecurity

Search Hashnode

#supplychainsecurity

Trending tags this week

The Quiet Places Attackers Enter

End-to-End Supply Chain Security for a Go Project: TUF on CI, cosign, and SLSA L3

Why (and How) I Built a Go AI SDK

Axios malicious package: what developers and defenders should check

From Security Tool to Credential Stealer: The TeamPCP Trivy Supply Chain Attack

Beyond Log4Shell: Fortifying Your Defenses Against the Next Cyber Crisis

Hardening the CI/CD Pipeline: Transitioning to ML-DSA and Stateless Signatures

The Markdown Attack Nobody's Talking About.

Why the TrustWallet "Chrome Extension" is a Security Disaster

NPM = Wild Wild West: It's Time to Stop the Madness