Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers.| words.filippo.io
Sonatype uncovers a wormable npm software supply chain attack compromising over 180 packages, following S1ngularity and Chalk/Debug campaigns.| www.sonatype.com
A new supply chain attack against the NPM repository is using novel self-propagating malware (a worm) to keep spreading itself to further packages.| www.sysdig.com
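As an added illustration of the "unsafe GitHub Actions triggers" root cause named in the first item above (an example written here, not a workflow from the linked post or from any of the compromised projects), the two workflows below show the classic unsafe pattern beside its hardened form. The workflow names, the job layout and the use of `npm` are assumptions for illustration; the behaviour of `pull_request_target` (runs in the base repository's context with its secrets and a write-capable token) versus `pull_request` (runs in the fork's context with no secrets and a read-only token) is GitHub's documented semantics.

```yaml
# Added example, not from the original page.
# Workflow 1: UNSAFE. `pull_request_target` runs with the base repo's secrets
# and a write-capable GITHUB_TOKEN, but this checkout pulls the *untrusted*
# PR head, so `npm install` executes attacker-controlled package.json
# lifecycle scripts with those privileges (the "pwn request" pattern).
name: ci-unsafe            # assumed name
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # untrusted code
      - run: npm install && npm test                        # runs with secrets
---
# Workflow 2: HARDENED. `pull_request` runs untrusted PR code in the fork's
# context: no repository secrets, read-only token. `permissions` is also
# pinned to the minimum so a compromised step cannot push or publish.
name: ci-safe              # assumed name
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
```

In practice the two documents are separate files under `.github/workflows/`; they are shown together here only for comparison. If a job genuinely needs `pull_request_target` (for example to label PRs), keep the default checkout of the base ref, never build or install from the PR head in that job, and split any privileged step into a separate workflow that does not touch untrusted code.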