Search

about.gitlab.com › blog

Software supply chain security practices seeing only modest adoption

…More to explore Security Full security scanner coverage of your codebase in minutes Security Reduce supply chain risk with SBOM-based dependency scanning Security Manage CI/CD credentials with GitLab Secrets Manager…

Feb 21, 2023 · Aathira Nair

Top stories

bleepingcomputer.com

Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

3d ago

techcrunch.com

Minimus launches supply chain protection and minicli to automate open-source and container security as code

6d ago

kotaku.com

Sony, Amazon Unsure If Their Supply Chains Funded Armed Conflict In 2025

1w ago

wired.com › story

Trump Administration Won’t Rule Out Further Action Against Anthropic

…Tuesday’s hearing stemmed from one of the two federal lawsuits Anthropic filed against the Trump administration on Monday, alleging that the government unconstitutionally designated it a supply-chain risk and turned…

Mar 11, 2026 · Paresh Dave

github.blog › changelog

Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available - GitHub Changelog

…Release Dependabot version updates now support the Deno ecosystem supply chain security Jun.09 Retired Upcoming breaking changes for npm v12 supply chain security Jun.09 Release Periodic code scanning of inactive…

May 5, 2026 · Allison

github.blog › changelog

Staged publishing and new install-time controls for npm - GitHub Changelog

…security supply chain security May.19 Improvement Start a GitHub Advanced Security trial from a risk assessment application security supply chain security May.12 Retired Synchronous SBOM API deprecated supply chain security…

May 22, 2026 · Allison

Discussions and forums

r/devops · u/root0ps · 3w ago

pnpm 11 Might Finally Be a Better Default Than npm

pnpm 11 feels like the first Node.js package manager update in a while that actually improves supply chain security by default. Features like: minimumReleaseAge blockExoticSubdeps allowBuilds directly reduce the risk of …

Hacker News · u/randersson1000 · Apr 22, 2026

Speed Matters: Why AI Software Vulnerability Exploitation is going be bad

I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …

13 5

Hacker News · u/m3047 · 3w ago

Tell HN: The Threat to US Citizen's ID / Voting Is Private Services

THE REAL RISK AROUND VOTER ID NOW COMES FROM PRIVATE ENTERPRISEThis post has been condensed due to character limitations on HN posts.[...]What's happening is that private entities are curating the databases and operating…

2 8

techcrunch.com › 2026 › 05 › …

OpenAI says hackers stole some data after latest code security issue | TechCrunch

…evidence of compromise or risk to existing software installations,” the company wrote. It's not clear who is behind the TanStack attack. Some of the past supply-chain hacks have been attributed…

May 14, 2026 · Lorenzo Franceschi-Bicchierai

press.asus.com › blog

How EU Regulations Are Reshaping Cybersecurity Standards

…supply chain attacks, and AI-driven vulnerabilities. These regulations require organizations to report incidents, implement risk management measures, and enhance product security. These laws help businesses prepare for and mitigate cyber risks…

May 27, 2025 · ASUS Press

engadget.com › mobile › smartphones

Apple's foldable iPhone is reportedly at risk of delay - Engadget

…models for its September event this year due to constrained supplies of components like memory chips. "Apple and the supply chain are working under a pressured timeline and the current solutions are…

Apr 7, 2026 · Steve Dent

notebookcheck.net

VS Code supply chain attack hits GitHub, OpenAI, and Mistral AI

VS Code supply chain attack hits GitHub, OpenAI, and Mistral AI

May 21, 2026 · Darryl Linington

github.blog › security

Security-related product updates - GitHub Blog

…free The new Code Security Risk Assessment gives you a one-click view of vulnerabilities across your organization, at no cost. Securing the open source supply chain across GitHub Recent attacks on…

Apr 28, 2026 · Alexis Wales

appleinsider.com › articles › 26 › …

Another OpenAI hack puts ChatGPT Mac users on an update deadline

OpenAI is forcing Mac users to update ChatGPT and other desktop apps soon, after a supply chain attack exposed signing certificates that Apple's security systems use to verify trusted software…

May 14, 2026 · Andrew Orr