software-supply-chain

AI's Dangerous Dependency Dilemma: When Smart Recommendations Introduce Critical Security Flaws

AI-driven dependency management can introduce critical security bugs and technical debt due to hallucinations and flawed recommendations.

Checkmarx KICS Under Siege: TeamPCP Unleashes Widening Supply Chain Attacks on Developer Ecosystems

TeamPCP targets Checkmarx KICS, Trivy, VS Code, and LiteLLM in escalating supply chain attacks, demanding urgent defensive measures.

Shai-Hulud's Shadow: A Deep Dive into the npm Supply Chain Worm Targeting AI Developers

Analysis of the Shai-Hulud-like supply chain worm exploiting npm packages to compromise AI development environments.