supply-chain 39

• Visual Studio Extensions Revisited May 28, 2026
• Out of the Crypt: The Evolving Cyber Extortion Economy May 27, 2026
• Intelligence Insights: May 2026 May 26, 2026
• AWS Security Digest #262 - Not private May 25, 2026
• We hardened zizmor's GitHub Actions static analyzer May 22, 2026
• Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem May 21, 2026
• SVD-2026-0515: Third-Party Package Updates in Splunk User Behavior Analytics - May 2026 May 20, 2026
• SVD-2026-0512: Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent (PSA) - May 2026 May 20, 2026
• Reduce CVE noise with OpenVEX assessments in Datadog May 20, 2026
• durabletask: TeamPCP's Latest PyPi Compromise May 19, 2026
• AWS Security Digest #261 - Pretending May 18, 2026
• Living Off the Pipeline: Defending Against CI/CD Subversion May 15, 2026
• Backdoored node-ipc npm releases steal developer credentials through DNS queries May 14, 2026
• Backdoored Cemu release linked to TanStack and Mistral supply chain campaign May 14, 2026
• Shai-Hulud Goes Open Source May 13, 2026
• Composer vulnerability leaks GitHub tokens, threatens PHP supply chain May 13, 2026
• Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised May 12, 2026
• Malicious Coding Agent Skills and the Risk of Dynamic Context May 11, 2026
• Personal Software and BaremetalVMM May 10, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 18 May 1, 2026
• You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be. Apr 23, 2026
• IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist Apr 23, 2026
• From Code to Pipeline: Wiz Code Now Secures Your Build Environment Apr 21, 2026
• Context.ai OAuth Token Compromise Apr 21, 2026
• Fracturing Software Security With Frontier AI Models Apr 21, 2026
• Spotting CI/CD misconfigurations before the bots do: Securing GitHub Actions with Datadog IaC Security Apr 17, 2026
• The case for dependency cooldowns in a post-axios world Apr 17, 2026
• Performing Supply-Chain Attack in the NodeJS Ecosystem [hands-on exercise] Apr 16, 2026
• Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2) Apr 15, 2026
• Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack Apr 15, 2026
• CI/CD security: How to secure your GitHub ecosystem Apr 9, 2026
• CI/CD security: threat modeling using a MITRE-style threat matrix Apr 9, 2026
• AI in cybersecurity: The good, the bad, and the FUD Apr 9, 2026
• Scroll trīgintā sextus Apr 9, 2026
• What enables malicious models? Apr 8, 2026
• Using KServe to deploy malicious models Apr 8, 2026
• Model Confusion - Weaponizing ML models for red teams and bounty hunters Apr 8, 2026
• Introducing the Offsec ML Playbook v0.1 Apr 8, 2026
• Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign Apr 4, 2026