… Late last week, security researcher Paul McCarty warned about a widespread supply chain attack targeting Trivy, an open source scanner maintained by Aqua Security that finds vulnerabilities, misconfigurations, and exposed secrets. …
Security AI supply chain attacks don’t even require malware…just post poisoned documentation A proof-of-concept attack on Context Hub suggests there's not much content santization A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vu… …
Security Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise Time to start dropping SBOMs FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from tens of thousands – if … …
AI + ML Anthropic sues US government after unprecedented national security designation Brands Trump administration decision 'legally unsound' and has 'no choice but to challenge it in court' AI giant Anthropic says that it has "no choice" but to sue the US government after being officially designat… …
… The largest enterprise application providers are now talking about using AI agents to automate decisions in HR, finance, and supply chain management. …
… People can't keep pretending this isn't real or coming." I then checked in with David Wheeler, director of Open Source Supply Chain Security at the Linux Foundation LF . …
… "That's what it means to own the stack." ® supply chain ai anthropic open source security
… However, Nexperia’s Dutch entity told Reuters its Chinese subsidiary’s statements were “factually incorrect and misleading.” China’s Ministry of Commerce said the incident “has stirred up new conflicts and created new difficulties and obstacles for the company's negotiation efforts,” and said: “If … …
… "There is no evidence of tampering, and we believe the supply chain remains safe," the statement adds. …
… MORE CONTEXT Attackers exploited this critical FortiClient EMS bug as a 0-day Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried Adobe finally patches PDF pest after months of abuse Two different attackers poisoned popular open source tools - and sh… …