22 stories tagged with #supplychain, in publish-time order across the WeSearch catalog. Tag pages update as new stories ingest.
⌘ RSS feed for this tag → or search "Supplychain"
AppView 1.0.0 Released: Instrument and Secure Your LLM Deployments
We just released AppView 1.0.0. It is a CLI tool designed to bridge the gap between raw model weights...…
I scanned 200 popular MCP server packages. Here is what I found.
Open-source supply-chain trust gate for MCP servers, validated on 200 packages. 3 BLOCK findings including 1 hardcoded LLM API key. 6 'official' servers abandoned. Free public API.…
TanStack shipped a postmortem for the 42-package npm compromise. Here is what every project should change this week.
TanStack shipped a postmortem for the 42-package npm compromise. Here is what every project...…
You Should Not Update Your Dependencies
A brief (irreverent) history of software supply chain security, and what to do about it in the age of AI.…
Cost of simple oil change could skyrocket 40% due to Iran war: report
Some suppliers are warning the US could run out of key Group III base oils from the Gulf region by June.…
US and India sign Critical Minerals Framework to enhance supply chains
The US and India signed a Critical Minerals Framework backed by over $30B in investments, targeting rare earth supply chains from exploration to recycling.…
Model Poisoning: The Hidden Risk in Supply Chain AI
Most AI security discussions focus on the perimeter — protecting API endpoints, filtering inputs, and...…
Mini Shai-Hulud: A persistent supply-chain worm
On April 29th, Aikido researchers detected multiple compromised Node.js packages in SAP's namespace...…
India-US sign landmark bilateral framework to secure critical minerals and rare earths supply chains
The framework is designed to deepen comprehensive cooperation across the entire critical minerals and rare earth supply chain. | India News…
Signing Is for the Bad Days
TUF, in-toto, and Sigstore only look pointless while nothing is on fire…
How `shieldcortex audit --deps` Catches the parikhpreyash4 Supply-Chain Attack
A 700-repo npm supply-chain campaign drops /tmp/.sshd and bolts a fake "Dependency Cache Sync" step into your GitHub Actions. Here's the one-liner that flags it before npm install …
I let an AI agent loose on my network – it owned my supply chain in 12 minutes
A DeepSeek-V4 agent with root SSH access was told to pentest a Proxmox homelab. From a single .env.bak file, it compromised CI/CD, poisoned dependencies, backdoored containers, and…
Perplexity Bumblebee: Read-Only Tool for Dev Supply Chain Checks on macOS/Linux
Read-only tool for inventorying packages, extensions, and developer-tool metadata on macOS and Linux developer endpoints, built for fast supply-chain exposure checks. - perplexitya…
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
Will Jason Statham save us?…
npm Supply Chain Audit: The Checklist Most Teams Stop Too Early
Originally posted on getcommit.dev. In October 2021, ua-parser-js was used by Facebook, Microsoft,...…
GitHub confirmed a breach last week that exposed around 3,800 internal repositories. The cause wasn't a zero-day. It was a VS Code extension.
Attackers took over the publisher token for Nx Console, which has about 2.2 million installs. They...…
EU seeks to lift ban on Chinese chips it barred only weeks ago
Automakers warned of impending supply chain chaos if the ban is not removed. Read more at straitstimes.com. Read more at straitstimes.com.…
PCB Shortage Warning: Iran-Saudi Conflict Drives 40% Price Increase — What Hardware Engineers Need to Know
Gulf Conflict Triggers New PCB Supply Chain Crisis A convergence of geopolitical...…
EU picks tungsten, rare earths, gallium for first critical mineral stockpile
The move marks one of the bloc’s most concrete steps to reduce reliance on China for elements vital to defence and tech.…
Commodities: Supply Worries Remain As US Extends Russian Oil Waiver
The oil market continues to trade in wide ranges, and it remains extremely sensitive to Iran-related headlines amid current supply disruptions.…
Popular node-IPC NPM package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting n…
From pnpm's Cool Feature to npm's Life jacket: The (somewhat accidental) birth of age-install
From pnpm's Cool Feature to npm's Life jacket: The (somewhat accidental) birth of...…