Topic
Supply Chain Security.
11 stories of advisories, analysis, and defensive guidance in this topic.
GitHub Enterprise Server Signing Key Rotation Follows Internal Repository Breach
GitHub is rotating the GitHub Enterprise Server signing key after a breach tied to a poisoned VS Code extension and says GHES administrators need to update trusted public keys now.
Red Hat Cloud Services npm Compromise Shows How Trusted Frontend Packages Can Become A Build Pipeline Risk
Red Hat says a supply chain compromise affected multiple packages in the `@redhat-cloud-services` npm namespace after a compromised GitHub account pushed unauthorized commits.
Mini Shai-Hulud Targets 323 npm Packages via @antv
🚨 Active supply chain attack compromises @antv npm packages, deploying credential stealers in a 300+ package wave. 🛠 Patch immediately if running affected versions. 🕵 Mini Shai-Hulud campaign linked to ongoing exploitati
Brief: Trellix source-code breach claim raises supply chain concerns
BleepingComputer and Dark Reading covered claims that RansomHouse obtained Trellix source code. The available public source listing supports a supply-chain risk discussion, but def
Defender Guidance: Trellix source-code breach claim raises supply chain concerns
BleepingComputer and Dark Reading covered claims that RansomHouse obtained Trellix source code. The available public source listing supports a supply-chain risk discussion, but def
Detection Notes: Trellix source-code breach claim raises supply chain concerns
BleepingComputer and Dark Reading covered claims that RansomHouse obtained Trellix source code. The available public source listing supports a supply-chain risk discussion, but def
Risk Brief: Trellix source-code breach claim raises supply chain concerns
BleepingComputer and Dark Reading covered claims that RansomHouse obtained Trellix source code. The available public source listing supports a supply-chain risk discussion, but def
Brief: Trivy supply chain attack targets CI/CD secrets
Dark Reading reported a Trivy-related supply-chain attack targeting CI/CD secrets. Pipeline secrets should be scoped, rotated, monitored, and protected from untrusted build steps.
Defender Guidance: Trivy supply chain attack targets CI/CD secrets
Dark Reading reported a Trivy-related supply-chain attack targeting CI/CD secrets. Pipeline secrets should be scoped, rotated, monitored, and protected from untrusted build steps.
Detection Notes: Trivy supply chain attack targets CI/CD secrets
Dark Reading reported a Trivy-related supply-chain attack targeting CI/CD secrets. Pipeline secrets should be scoped, rotated, monitored, and protected from untrusted build steps.
Risk Brief: Trivy supply chain attack targets CI/CD secrets
Dark Reading reported a Trivy-related supply-chain attack targeting CI/CD secrets. Pipeline secrets should be scoped, rotated, monitored, and protected from untrusted build steps.