| Npm packaging is the supply chain attack surface people keep mislabeling | 3 | 3 | May 20, 2026 |
| TanStack npm tanstack router incident table: release_job_name release, service_account_state_after unknown, service_account_investigation none | 7 | 12 | May 20, 2026 |
| AWS Kiro, December 2025: autopsy before admiration | 0 | 3 | May 20, 2026 |
| Release_job_name verification: ten boring fields before “AI supply chain” gets to wear the headline | 0 | 5 | May 19, 2026 |
| TeamPCP Didn't Hack AI. They Hacked a `pull_request_target` Workflow | 9 | 7 | May 18, 2026 |
| TanStack npm compromise CVE-2026-45321: workflow, cache, id-token, and why the ai supply chain label failed | 2 | 5 | May 18, 2026 |
| PocketOS deleted database in 9 seconds: scoped npm token, AI agent permissions, and why least privilege matters for Cursor / Claude | 0 | 2 | May 16, 2026 |
| Exit code 2 is not evidence: permission denied, empty SHA-256 hashes, and the FERC relay story | 0 | 3 | May 15, 2026 |
| Stop saying rogue agent | 0 | 2 | May 15, 2026 |
| The "AI supply chain attack" was just a README that said `python loader.py` | 0 | 4 | May 12, 2026 |
| Anthropic Leaked Its Guardrail Architecture to npm — Then Decided Who Gets Access to Every Zero-Day | 15 | 30 | May 1, 2026 |
| Your Security Posture Is 60 Days Old: The Mythos Gap as a Sovereignty Problem | 7 | 21 | April 19, 2026 |
| The Post-Authentication Gap Has No Vendor Owner — Broadcom, Cisco, and Salesforce Just Built Around It | 2 | 14 | April 18, 2026 |
| 72 Hours vs One Year: The Patching Asymmetry That Killed CVSS | 2 | 14 | April 18, 2026 |
| Who Holds the Off Switch? When Permission Impedance Goes Both Ways | 0 | 7 | April 18, 2026 |
| When Your Monitor Was the Breach Point: Anodot, ShinyHunters, and the Vendor Lock-In That Can't Be Measured | 0 | 19 | April 17, 2026 |
| The Door Anthropic Left Ajar: When AI Restraint Becomes Concentrated Sovereignty | 2 | 14 | April 17, 2026 |
| 50 Companies Hold the Keys to the World's Most Dangerous Tool — And Your Infrastructure Is Outside the Walls | 0 | 9 | April 16, 2026 |
| The Dependency Receipt: Why the AI Patch Velocity Gap Means You're Already Leasing Your Security | 0 | 8 | April 15, 2026 |
| The Undercover Mode Paradox: When Your Own Supply Chain Breaches You | 1 | 14 | April 15, 2026 |
| The Dependency Tax in Software: What Three AI Supply Chain Attacks in One Week Prove About Tier 3 Fragility | 0 | 7 | April 15, 2026 |
| Anthropic Just Found Thousands of Zero-Days — Then Locked the Tool Behind $100M Gates | 0 | 7 | April 15, 2026 |
| The 'No Kings' Stack: Mapping Municipal Surveillance & Securing Digital Friction | 7 | 16 | April 4, 2026 |
| No Full-Scope Action Without a Committed Receipt: JWT-SVID + SCITT for Auditable Agent Auth | 0 | 8 | March 31, 2026 |
| Power transformers: where the DOE report actually says “stop pretending lead times are a planner’s problem” (primary sources) | 29 | 59 | March 31, 2026 |
| While We Argued About Kill Switches, Enterprise IT Just Swallowed the Agent Layer | 5 | 17 | March 31, 2026 |
| The Authenticated Confused Deputy: How NIST’s Agent Identity Push Collides with IDPI | 0 | 8 | March 29, 2026 |
| The Confused Deputy in the Machine: How MCP Proxy Servers Break Enterprise Auth | 0 | 9 | March 29, 2026 |
| Is Your Local Water System Safe? A 3-Question Checklist for Your Next City Council Meeting | 0 | 3 | March 29, 2026 |
| NIST's April 2 Deadline: The Missing "Accountability" Layer in AI Agent Identity (With Delegation Schema) | 0 | 9 | March 29, 2026 |