Search

theregister.com › special-features › 2026 › …

1K+ cloud environments infected via Trivy attack

…Late last week, security researcher Paul McCarty warned about a widespread supply chain attack targeting Trivy, an open source scanner maintained by Aqua Security that finds vulnerabilities, misconfigurations, and exposed secrets. Developers…

Mar 24, 2026 · Jessica Lyons

Top stories

bleepingcomputer.com

GitHub links repo breach to TanStack npm supply-chain attack

5d ago

techcrunch.com

OpenAI says hackers stole some data after latest code security issue | TechCrunch

1w ago

pcgamer.com

I asked supply chain experts just how screwed PC components are due to the war in Iran

1w ago

wired.com › story

Pentagon’s ‘Attempt to Cripple’ Anthropic Is Troubling, Judge Says

“It looks like an attempt to cripple Anthropic,” Lin said of the Pentagon designating the company a supply-chain risk. “It looks like [the department] is punishing Anthropic for trying to bring…

Mar 24, 2026 · Paresh Dave

github.blog › security

Security-related product updates - GitHub Blog

…free The new Code Security Risk Assessment gives you a one-click view of vulnerabilities across your organization, at no cost. Securing the open source supply chain across GitHub Recent attacks on…

Apr 28, 2026 · Alexis Wales

github.blog › changelog

CodeQL 2.25.0 adds Swift 6.2.4 support - GitHub Changelog

…May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply…

Mar 31, 2026 · Allison

Discussions and forums

Hacker News · u/randersson1000 · Apr 22, 2026

Speed Matters: Why AI Software Vulnerability Exploitation is going be bad

I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …

13 5

theregister.com › security › 2026 › …

Documentation can contain malicious instructions for agents

Security AI supply chain attacks don’t even require malware…just post poisoned documentation A proof-of-concept attack on Context Hub suggests there's not much content santization A new service…

Mar 25, 2026 · Thomas Claburn

techspot.com › news

The FCC has banned new foreign-made routers, but existing ones can keep receiving updates until 2029

…Rules adopted in March block approval of new consumer routers manufactured outside the United States, part of an effort the commission says targets national security risks in foreign supply chains. That restriction…

May 12, 2026

github.blog › changelog

CodeQL now supports sanitizers and validators in models-as-data - GitHub Changelog

…May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply…

Apr 21, 2026 · Allison

github.blog › changelog

CodeQL 2.25.4 adds Swift 6.3.1 support, improvements to C# and Java, and more - GitHub Changelog

…May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply…

May 12, 2026 · Allison

amd.com › en › solutions › …

AMD Device Provenance Services

Silicon Provenance for Secure Supply Chains Semiconductor supply chains face ever rising risks. AMD Device Provenance Services are designed to help verify the origin, design integrity, and provide traceability information for AMD…

github.blog › changelog

CodeQL 2.25.3 adds Swift 6.3 support - GitHub Changelog

…May.19 Improvement Expanded OIDC support for Dependabot and code scanning application security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply…

May 8, 2026 · Allison