software supply chain – Page 2 – Experimental News Clipping Site

Anchore: Hardened Images are Here to Stay

Sep 25, 2025

—

by

Source URL: https://anchore.com/blog/hardened-images-are-here-to-stay/ Source: Anchore Title: Hardened Images are Here to Stay Feedly Summary: Lately it seems like a new company building hardened container images is popping up every other day. What’s the deal with this, why the sudden influx of hardened images? A previous blog article titled “Navigating the New Compliance Frontier” discussed some…

The Register: New string of phishing attacks targets Python developers

Sep 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/24/pypi_phishing_attacks/ Source: The Register Title: New string of phishing attacks targets Python developers Feedly Summary: If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a phony Python Package…

The Register: GitHub moves to tighten npm security amid phishing, malware plague

Sep 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/23/github_npm_registry_security/ Source: The Register Title: GitHub moves to tighten npm security amid phishing, malware plague Feedly Summary: Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.… AI Summary and Description:…

Slashdot: Secure Software Supply Chains, Urges Former Go Lead Russ Cox

Sep 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://developers.slashdot.org/story/25/09/21/0650219/secure-software-supply-chains-urges-former-go-lead-russ-cox?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Secure Software Supply Chains, Urges Former Go Lead Russ Cox Feedly Summary: AI Summary and Description: Yes Summary: The text emphasizes the critical need for enhancing software supply chain security, particularly in the face of ongoing vulnerabilities. It outlines practical solutions, such as adopting software signatures and reproducible builds,…

Slashdot: Self-Replicating Worm Affected Several Hundred NPM Packages, Including CrowdStrike’s

Sep 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/09/20/0542237/self-replicating-worm-affected-several-hundred-npm-packages-including-crowdstrikes Source: Slashdot Title: Self-Replicating Worm Affected Several Hundred NPM Packages, Including CrowdStrike’s Feedly Summary: AI Summary and Description: Yes Summary: The Shai-Hulud malware campaign has affected numerous npm packages, including those maintained by CrowdStrike, via the injection of malicious scripts designed to steal developer credentials and exfiltrate sensitive information. The campaign highlights…

Docker: Docker and CNCF: Partnering to Power the Future of Open Source

Sep 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.docker.com/blog/docker-cncf-partnership/ Source: Docker Title: Docker and CNCF: Partnering to Power the Future of Open Source Feedly Summary: At Docker, open source is not just something we support; it’s a core part of our culture. It’s part of our DNA. From foundational projects like Docker Compose (35.5k stars, 5.4k forks) and Moby (69.8k stars,…

Unit 42: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack

Sep 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/npm-supply-chain-attack/ Source: Unit 42 Title: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack Feedly Summary: Self-replicating worm “Shai-Hulud” has compromised 180-plus software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post “Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack appeared first on Unit…

Anchore: Grant’s Release 0.3.0: Smarter Policies, Faster Scans, and Simpler Compliance

Sep 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/grants-release-0-3-0-smarter-policies-faster-scans-and-simpler-compliance/ Source: Anchore Title: Grant’s Release 0.3.0: Smarter Policies, Faster Scans, and Simpler Compliance Feedly Summary: Every modern application is built on a foundation of open source dependencies. Dozens, hundreds, sometimes thousands of packages can make up a unit of software being shipped to production. Each of these packages carries its own license…

Anchore: Anchore Enterprise is now SPDX 3 Ready

Sep 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://anchore.com/blog/anchore-enterprise-is-now-spdx-3-ready/ Source: Anchore Title: Anchore Enterprise is now SPDX 3 Ready Feedly Summary: We’re excited to announce that Anchore Enterprise is now SDPX 3 ready. If you’re a native to the world of SBOMs this may feel a bit confusing given that the Linux Foundation announced the release of SPDX 3 last year.…

The Register: More packages poisoned in npm attack, but would-be crypto thieves left pocket change

Sep 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/09/npm_supply_chain_attack/ Source: The Register Title: More packages poisoned in npm attack, but would-be crypto thieves left pocket change Feedly Summary: Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to Wiz…

Tag: software supply chain