Tag: software supply chains
-
Anchore: Analyzing the top MCP Docker Containers
Source URL: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/ Source: Anchore Title: Analyzing the top MCP Docker Containers Feedly Summary: If you pay attention to the world of AI, you’ll have noticed that Model Context Protocol (MCP) is a very popular topic right now. The Model Context Protocol is an open standard that enables developers to build secure, two-way connections between…
-
The Register: One line of malicious npm code led to massive Postmark email heist
Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ Source: The Register Title: One line of malicious npm code led to massive Postmark email heist Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…
-
Anchore: Hardened Images are Here to Stay
Source URL: https://anchore.com/blog/hardened-images-are-here-to-stay/ Source: Anchore Title: Hardened Images are Here to Stay Feedly Summary: Lately it seems like a new company building hardened container images is popping up every other day. What’s the deal with this, why the sudden influx of hardened images? A previous blog article titled “Navigating the New Compliance Frontier” discussed some…
-
Slashdot: Secure Software Supply Chains, Urges Former Go Lead Russ Cox
Source URL: https://developers.slashdot.org/story/25/09/21/0650219/secure-software-supply-chains-urges-former-go-lead-russ-cox?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Secure Software Supply Chains, Urges Former Go Lead Russ Cox Feedly Summary: AI Summary and Description: Yes Summary: The text emphasizes the critical need for enhancing software supply chain security, particularly in the face of ongoing vulnerabilities. It outlines practical solutions, such as adopting software signatures and reproducible builds,…
-
Unit 42: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack
Source URL: https://unit42.paloaltonetworks.com/npm-supply-chain-attack/ Source: Unit 42 Title: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack Feedly Summary: Self-replicating worm “Shai-Hulud” has compromised 180-plus software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post “Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack appeared first on Unit…
-
Anchore: Grant’s Release 0.3.0: Smarter Policies, Faster Scans, and Simpler Compliance
Source URL: https://anchore.com/blog/grants-release-0-3-0-smarter-policies-faster-scans-and-simpler-compliance/ Source: Anchore Title: Grant’s Release 0.3.0: Smarter Policies, Faster Scans, and Simpler Compliance Feedly Summary: Every modern application is built on a foundation of open source dependencies. Dozens, hundreds, sometimes thousands of packages can make up a unit of software being shipped to production. Each of these packages carries its own license…