Shai-Hulud Campaign: TeamPCP Targets Open-Source Supply Chain
Analysis of the Shai-Hulud campaign by TeamPCP, detailing its open-source supply chain attacks, TTPs, and critical mitigation strategies.

RubyGems Suspends Registrations Due to Malicious Package Influx
RubyGems maintainers suspended new user registrations after detecting an automated attack that published over 500 malicious packages targeting platform resources.

Axios Attack: Industrialized Social Engineering on NPM Maintainers
An analysis of the attack on the Axios NPM package reveals advanced, scaled social engineering campaigns targeting open-source maintainers, raising supply chain risk.

Open Source Security: Key Findings from 2025 Trust Report
Analysis of the 2025 State of Trusted Open Source Report, detailing prevalent vulnerabilities and consumption patterns in container images and language libraries.

Tech Giants Pledge $12.5M to Bolster Open Source Software Security
Anthropic, AWS, Google, Microsoft, and OpenAI commit $12.5 million to the OpenSSF to mitigate systemic supply chain risks in open source ecosystems.