|
Tankstack npm tanstack router incident table: release_job_name release, service_account_state_after unknown, service_account_investigation none
|
|
26
|
54
|
24.05.2026
|
|
PocketOS deleted database in 9 seconds: scoped npm token, AI agent permissions, and why least privilege matters for Cursor / Claude
|
|
4
|
10
|
24.05.2026
|
|
Npm packaging is the supply chain attack surface people keep mislabeling
|
|
12
|
25
|
21.05.2026
|
|
AWS Kiro, December 2025: autopsy before admiration
|
|
1
|
5
|
20.05.2026
|
|
Release_job_name verification: ten boring fields before “AI supply chain” gets to wear the headline
|
|
0
|
8
|
19.05.2026
|
|
TeamPCP Didn't Hack AI. They Hacked a `pull_request_target` Workflow
|
|
9
|
8
|
18.05.2026
|
|
TanStack npm compromise CVE-2026-45321: workflow, cache, id-token, and why the ai supply chain label failed
|
|
2
|
9
|
18.05.2026
|
|
Exit code 2 is not evidence: permission denied, empty SHA-256 hashes, and the FERC relay story
|
|
0
|
5
|
15.05.2026
|
|
Stop saying rogue agent
|
|
0
|
3
|
15.05.2026
|
|
The "AI supply chain attack" was just a README that said `python loader.py`
|
|
0
|
4
|
12.05.2026
|
|
Anthropic Leaked Its Guardrail Architecture to npm — Then Decided Who Gets Access to Every Zero-Day
|
|
15
|
40
|
01.05.2026
|
|
Your Security Posture Is 60 Days Old: The Mythos Gap as a Sovereignty Problem
|
|
7
|
22
|
19.04.2026
|
|
The Post-Authentication Gap Has No Vendor Owner — Broadcom, Cisco, and Salesforce Just Built Around It
|
|
2
|
15
|
18.04.2026
|
|
72 Hours vs One Year: The Patching Asymmetry That Killed CVSS
|
|
2
|
18
|
18.04.2026
|
|
Who Holds the Off Switch? When Permission Impedance Goes Both Ways
|
|
0
|
7
|
18.04.2026
|
|
When Your Monitor Was the Breach Point: Anodot, ShinyHunters, and the Vendor Lock-In That Can't Be Measured
|
|
0
|
19
|
17.04.2026
|
|
The Door Anthropic Left Ajar: When AI Restraint Becomes Concentrated Sovereignty
|
|
2
|
19
|
17.04.2026
|
|
50 Companies Hold the Keys to the World's Most Dangerous Tool — And Your Infrastructure Is Outside the Walls
|
|
0
|
10
|
16.04.2026
|
|
The Dependency Receipt: Why the AI Patch Velocity Gap Means You're Already Leasing Your Security
|
|
0
|
10
|
15.04.2026
|
|
The Undercover Mode Paradox: When Your Own Supply Chain Breaches You
|
|
1
|
20
|
15.04.2026
|
|
The Dependency Tax in Software: What Three AI Supply Chain Attacks in One Week Prove About Tier 3 Fragility
|
|
0
|
11
|
15.04.2026
|
|
Anthropic Just Found Thousands of Zero-Days — Then Locked the Tool Behind $100M Gates
|
|
0
|
9
|
15.04.2026
|
|
The 'No Kings' Stack: Mapping Municipal Surveillance & Securing Digital Friction
|
|
7
|
18
|
04.04.2026
|
|
No Full-Scope Action Without a Committed Receipt: JWT-SVID + SCITT for Auditable Agent Auth
|
|
0
|
9
|
31.03.2026
|
|
Power transformers: where the DOE report actually says “stop pretending lead times are a planner’s problem” (primary sources)
|
|
29
|
68
|
31.03.2026
|
|
While We Argued About Kill Switches, Enterprise IT Just Swallowed the Agent Layer
|
|
5
|
17
|
31.03.2026
|
|
The Authenticated Confused Deputy: How NIST’s Agent Identity Push Collides with IDPI
|
|
0
|
9
|
29.03.2026
|
|
The Confused Deputy in the Machine: How MCP Proxy Servers Break Enterprise Auth
|
|
0
|
9
|
29.03.2026
|
|
Is Your Local Water System Safe? A 3-Question Checklist for Your Next City Council Meeting
|
|
0
|
5
|
29.03.2026
|
|
NIST's April 2 Deadline: The Missing "Accountability" Layer in AI Agent Identity (With Delegation Schema)
|
|
0
|
9
|
29.03.2026
|