Supply chain challenges risk delaying Nvidia's Rubin GPUs
… We've reached out to Nvidia for comment on potential delays to its Rubin lineup; we'll let you know if we hear anything back. ® nvidia systems supply chain on prem
Search
1K+ cloud environments infected via Trivy attack
… MORE CONTEXT Supply chain attacks now fuel a 'self-reinforcing' cybercrime economy A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud' Shai-Hulud worm returns, belches secrets to 25K GitHub repos Crims poison 150K+ npm packages with token-… …
Documentation can contain malicious instructions for agents
Security AI supply chain attacks don’t even require malware…just post poisoned documentation A proof-of-concept attack on Context Hub suggests there's not much content santization A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vu… …
Two different attackers poisoned popular open source tools
… "The biggest thing that you can do is understand where your risk is," Biasini said. "If a supply-chain attack happens, you should be able to quickly determine where is this package being used in our environment, and where are our potential infection points? …
If AI agents mess up, there's nobody to sue
… The largest enterprise application providers are now talking about using AI agents to automate decisions in HR, finance, and supply chain management. …
Beijing warns of more chip supply worries amid Nexperia mess
… However, Nexperia’s Dutch entity told Reuters its Chinese subsidiary’s statements were “factually incorrect and misleading.” China’s Ministry of Commerce said the incident “has stirred up new conflicts and created new difficulties and obstacles for the company's negotiation efforts,” and said: “If … …
Anthropic sues US over national security blacklist
… As The Register previously reported , in the same statement, originally published on February 28 and updated on March 2, OpenAI said it disagreed with the government's decision to designate Anthropic a supply chain risk. …
Project Glasswing and open source: The good, bad, and ugly
… People can't keep pretending this isn't real or coming." I then checked in with David Wheeler, director of Open Source Supply Chain Security at the Linux Foundation LF . …
AI-pwned: Vercel breach traced to stolen employee creds
… "There is no evidence of tampering, and we believe the supply chain remains safe," the statement adds. …
MCP 'design flaw' puts 200k servers at risk: Researcher
… "That's what it means to own the stack." ® supply chain ai anthropic open source security