Supply Chain Attack
148 npm Packages Disguised as Student Proxies Reportedly Turned Browsers Into a DDoS Botnet
A large-scale JavaScript-ecosystem supply-chain compromise — defender inventory work this week.
Analyzing the weaponization of the software and hardware lifecycle. Coverage of NPM hijacks, vendor compromises, and SBOM security strategies.
Supply Chain Attack
A large-scale JavaScript-ecosystem supply-chain compromise — defender inventory work this week.
Artificial Intelligence (AI)
An AI-IDE supply-chain finding — defender review for organizations using Cursor this week.
Artificial Intelligence (AI)
Another AI-agent supply-chain finding — defender posture review for organizations deploying memory-enabled agents this week.
Supply Chain Attack
A GitHub-organization reconnaissance campaign — defender posture and account-hygiene review this week.
Supply Chain Attack
Another JavaScript-ecosystem SDK compromise — defender inventory work continues this week.
Supply Chain Attack
Another JavaScript-ecosystem SDK compromise with cryptocurrency-user implications — defender inventory work this week.
Supply Chain Attack
A meaningful ecosystem-policy signal from npm after months of contributor-account compromises — defender developers review CI/CD posture this week.
Supply Chain Attack
An AI-hallucination supply-chain finding with organization-wide implications — defender review this week.
Vulnerabilities
An agentic-workflow data-exposure disclosure with organization-wide DevSecOps implications — defender review this week.
Artificial Intelligence (AI)
An AI-coding-agent bypass with cross-vendor implications — defender posture-review work for organizations running open-source agents this week.
Artificial Intelligence (AI)
A fresh vendor-research disclosure at the intersection of AI agents and supply-chain risk — Microsoft says poisoned tool descriptions can quietly redirect what an agent does, and pairs the research with defender guidance for teams shipping agentic AI this week.
Vulnerabilities
A coding-AI-assistant flaw with cloud-credential implications — defender posture review for the week.