Search

github.blog › changelog

Code Security risk assessment available for organizations - GitHub Changelog

…coverage on pull requests is now in public preview application security platform governance May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security Back to top

Apr 8, 2026 · Allison

Top stories

bleepingcomputer.com

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

1w ago

techcrunch.com

Minimus launches supply chain protection and minicli to automate open-source and container security as code

1w ago

kotaku.com

Sony, Amazon Unsure If Their Supply Chains Funded Armed Conflict In 2025

1w ago

appleinsider.com › articles › 26 › …

The iPhone's Dynamic Island isn't going away yet, but its days are numbered

…The roadmap is unconfirmed, but it lines up with years of supply chain reports and analyst expectations. Apple has been steadily working to remove visible display cutouts without sacrificing Face ID performance…

Mar 26, 2026 · Andrew Orr

wccftech.com

CXMT & YMTC Removed From Pentagon’s ‘Restricted Companies’ List, Opening Door For Chinese DRAM & NAND Adoption in Consumer Products

…the US Commerce Department, particularly YMTC, which is on the Entity List, posing a risk to supply chain partners. Given that OEMs do show 'consistent' interest in adopting Chinese elements into end…

Feb 13, 2026 · Muhammad Zuhair

bleepingcomputer.com › news › security

GitHub confirms breach of 3,800 repos via malicious VSCode extension

…Send your offers to the communications below, we are not interested in under 50k, the best offer will get it." ​TeamPCP was previously linked to massive supply chain attacks targeting developer code…

May 20, 2026 · Sergiu Gatlan

Discussions and forums

r/devops · u/root0ps · 3w ago

pnpm 11 Might Finally Be a Better Default Than npm

pnpm 11 feels like the first Node.js package manager update in a while that actually improves supply chain security by default. Features like: minimumReleaseAge blockExoticSubdeps allowBuilds directly reduce the risk of …

Hacker News · u/randersson1000 · Apr 22, 2026

Speed Matters: Why AI Software Vulnerability Exploitation is going be bad

I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …

13 5

Hacker News · u/m3047 · 3w ago

Tell HN: The Threat to US Citizen's ID / Voting Is Private Services

THE REAL RISK AROUND VOTER ID NOW COMES FROM PRIVATE ENTERPRISEThis post has been condensed due to character limitations on HN posts.[...]What's happening is that private entities are curating the databases and operating…

2 8

theregister.com › security › 2026 › …

Two different attackers poisoned popular open source tools

…code. "The biggest thing that you can do is understand where your risk is," Biasini said. "If a supply-chain attack happens, you should be able to quickly determine where is this…

Apr 11, 2026 · Jessica Lyons

theverge.com › ai-artificial-intelligence › 919326

Google employees ask Sundar Pichai to say no to classified military AI use

…Otherwise, such uses may occur without our knowledge or the power to stop them.”  Anthropic is currently in a legal battle with the Pentagon over being designated a “supply chain risk…

Apr 27, 2026 · Stevie Bonifield

theregister.com › software › 2026 › …

If AI agents mess up, there's nobody to sue

…decisions in HR, finance, and supply chain management. LLM hallucinations in performance summaries, incorrect regulatory filings, and critical supplies failing to turn up are among the risks weighing on businesses that hand…

Apr 5, 2026 · Lindsay Clark

tomshardware.com › tech-industry

SoftBank to manufacture its own batteries with water-based tech to power AI data centers — targets gigawatt-hour-scale production by 2028

…electrolyte, which the company said eliminates ignition risk, while the use of zinc and halogen compounds will reduce dependence on Chinese-controlled supply chains for lithium and cobalt. While zinc-based batteries…

May 12, 2026 · Luke James

github.blog › changelog

GitHub Code Quality: Batch apply quality suggestions on pull requests - GitHub Changelog

…application security May.05 Release Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available application security supply chain security May.05 Retired Deprecation notice: code_scanning_upload…

Mar 17, 2026 · Allison

github.blog › changelog

The Security tab is now Security & quality - GitHub Changelog

…support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security Back to top

Apr 2, 2026 · Allison