DEV Community

# supplychainsecurity

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Miasma Worm: How Opening a Repo in Claude Code Became a Credential Theft Vector
toniantunovic profile

Miasma Worm: How Opening a Repo in Claude Code Became a Credential Theft Vector

#security #supplychainsecurity #claudecode #devsecops
Comments
9 min read
The Gemini CLI CVSS 10 Attack: How a GitHub Issue Became a Supply Chain Weapon
toniantunovic profile

The Gemini CLI CVSS 10 Attack: How a GitHub Issue Became a Supply Chain Weapon

#security #promptinjection #supplychainsecurity #devsecops
Comments
6 min read
Supply Chain Attacks: Schutz vor bösartigen Abhängigkeiten im IT-Betrieb
uhltak profile

Supply Chain Attacks: Schutz vor bösartigen Abhängigkeiten im IT-Betrieb

#supplychainsecurity #abhaengigkeiten #devsecops #softwaresupplychain
Comments
5 min read
Signing Container Images with Cosign
kasi_subbarayudu profile

Signing Container Images with Cosign

#supplychainsecurity #kubernetes #containers #security
Comments
15 min read
The CRA's 24-hour clock is a cross-repo question. Your SBOM answers a different one.
danielwe profile

The CRA's 24-hour clock is a cross-repo question. Your SBOM answers a different one.

#cra #sbom #supplychainsecurity #infrastructure
Comments
12 min read
Socket: Secure Your JavaScript Supply Chain Against AI Threats
jaychkdsk profile

Socket: Secure Your JavaScript Supply Chain Against AI Threats

#supplychainsecurity #javascript #aithreats #sbom
Comments
6 min read
What LucidShark Would Have Caught Before the TanStack Attack Landed
toniantunovic profile

What LucidShark Would Have Caught Before the TanStack Attack Landed

#supplychainsecurity #sca #tanstack #devsecops
Comments
7 min read
Clinejection: When Your AI Coding Tool Became the Weapon
toniantunovic profile

Clinejection: When Your AI Coding Tool Became the Weapon

#promptinjection #supplychainsecurity #devsecops #githubactions
1
Comments
9 min read
Slopsquatting: The Attacker Playbook for AI-Hallucinated Package Names
toniantunovic profile

Slopsquatting: The Attacker Playbook for AI-Hallucinated Package Names

#slopsquatting #supplychainsecurity #aicodingagents #npmsecurity
1
Comments
10 min read
Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
snyk_sec profile
SnykSec for Snyk

Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers

#supplychainsecurity #python #kubernetes #docker
Comments
9 min read
AI Hallucinated Dependencies Are the New Supply Chain Attack: How to Stop Them
toniantunovic profile

AI Hallucinated Dependencies Are the New Supply Chain Attack: How to Stop Them

#supplychainsecurity #aicode #npm #security
Comments
8 min read
Supply Chain Security Proxy: Move Beyond Vulnerability Scanning
devopsstart profile

Supply Chain Security Proxy: Move Beyond Vulnerability Scanning

#supplychainsecurity #artifactprovenance #slsaframework #devsecopspipeline
Comments
8 min read
GitHub Actions Security: How to Stop Secret Leaks in CI/CD
devopsstart profile

GitHub Actions Security: How to Stop Secret Leaks in CI/CD

#githubactionssecurity #oidcauthentication #cicdhardening #supplychainsecurity
Comments
7 min read
How Attackers Turned Trivy Into a Weapon Against Cisco
randomchaos profile
RC

How Attackers Turned Trivy Into a Weapon Against Cisco

#supplychainsecurity #threatintelligence #shinyhunters #ciscobreach
Comments
4 min read
Cisco's Source Code Breach Was Structural, Not Accidental
randomchaos profile
RC

Cisco's Source Code Breach Was Structural, Not Accidental

#cybersecurity #databreach #supplychainsecurity #secretsmanagement
Comments
3 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.