eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#supplychainsecurity

TechnoTenshi :verified_trans: :Fire_Lesbian:<p>A vulnerability in GitHub MCP lets malicious Issues hijack AI agents to leak data from private repos. Invariant calls this a “toxic agent flow” and shows it can exfiltrate sensitive info via prompt injection. GitHub alone can't fix it—mitigation needs system-level controls. </p><p><a href="https://invariantlabs.ai/blog/mcp-github-vulnerability" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">invariantlabs.ai/blog/mcp-gith</span><span class="invisible">ub-vulnerability</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/promptinjection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>promptinjection</span></a> <a href="https://infosec.exchange/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychainsecurity</span></a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AIsecurity</span></a></p>
Purism<p>Secure Supply Chain- Liberty Phone.</p><p>Secure from source to shipment.</p><p>Purism's Made in USA electronics, manufactured securely since 2018.</p><p>Learn More at Purism: <a href="https://puri.sm/products/liberty-phone/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">puri.sm/products/liberty-phone</span><span class="invisible">/</span></a> <br><a href="https://social.librem.one/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://social.librem.one/tags/Purism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Purism</span></a></p>
LavX News<p>Fortify Your CI/CD Pipeline with Scharf: The Ultimate Tool Against Supply-Chain Attacks</p><p>In an era where supply-chain attacks are on the rise, Scharf emerges as a critical tool for developers, ensuring that CI/CD workflows remain secure from third-party vulnerabilities. By pinning depende...</p><p><a href="https://news.lavx.hu/article/fortify-your-ci-cd-pipeline-with-scharf-the-ultimate-tool-against-supply-chain-attacks" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/fortify-y</span><span class="invisible">our-ci-cd-pipeline-with-scharf-the-ultimate-tool-against-supply-chain-attacks</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/Scharf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scharf</span></a></p>
Purism<p>The Liberty Phone delivers uncompromising security for government communications- No Surveillance.</p><p>Link to Video: <a href="https://puri.sm/posts/the-liberty-phone-secure-government-mobility/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">puri.sm/posts/the-liberty-phon</span><span class="invisible">e-secure-government-mobility/</span></a> </p><p><a href="https://social.librem.one/tags/LibertyPhone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LibertyPhone</span></a> <a href="https://social.librem.one/tags/MadeInUSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MadeInUSA</span></a> <a href="https://social.librem.one/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://social.librem.one/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://social.librem.one/tags/PureOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PureOS</span></a> <a href="https://social.librem.one/tags/EndToEndEncryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EndToEndEncryption</span></a> <a href="https://social.librem.one/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HardwareSecurity</span></a> <a href="https://social.librem.one/tags/GOTSSolution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GOTSSolution</span></a> <a href="https://social.librem.one/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a></p>
Deutschland<p><a href="https://www.europesays.com/de/97674/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/de/97674/</span><span class="invisible"></span></a> Remote access trojan found in npm package with 40,000 weekly downloads <a href="https://pubeurope.com/tags/Deutschland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Deutschland</span></a> <a href="https://pubeurope.com/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Germany</span></a> <a href="https://pubeurope.com/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <a href="https://pubeurope.com/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://pubeurope.com/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a> <a href="https://pubeurope.com/tags/paketmanager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>paketmanager</span></a> <a href="https://pubeurope.com/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://pubeurope.com/tags/Science" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Science</span></a> <a href="https://pubeurope.com/tags/Science" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Science</span></a>&amp;Technology <a href="https://pubeurope.com/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://pubeurope.com/tags/SoftwareSupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareSupplyChain</span></a> <a 
href="https://pubeurope.com/tags/Softwareentwicklung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Softwareentwicklung</span></a> <a href="https://pubeurope.com/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://pubeurope.com/tags/Technik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technik</span></a> <a href="https://pubeurope.com/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://pubeurope.com/tags/Trojaner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trojaner</span></a> <a href="https://pubeurope.com/tags/Wissenschaft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wissenschaft</span></a> <a href="https://pubeurope.com/tags/Wissenschaft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wissenschaft</span></a>&amp;Technik</p>
LavX News<p>Supply Chain Attack Exposes Vulnerabilities in Popular npm Package</p><p>A recent supply chain attack has compromised the widely-used npm package 'rand-user-agent', injecting malicious code that activates a remote access trojan (RAT). With 45,000 weekly downloads, this inc...</p><p><a href="https://news.lavx.hu/article/supply-chain-attack-exposes-vulnerabilities-in-popular-npm-package" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/supply-ch</span><span class="invisible">ain-attack-exposes-vulnerabilities-in-popular-npm-package</span></a></p><p><a href="https://ioc.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://ioc.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://ioc.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://ioc.exchange/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemoteAccessTrojan</span></a> <a href="https://ioc.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>npm</span></a></p>
Purism<p>The Liberty Phone delivers uncompromising security for government communications- No Surveillance. </p><p><a href="https://puri.sm/products/liberty-phone/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">puri.sm/products/liberty-phone</span><span class="invisible">/</span></a> </p><p><a href="https://social.librem.one/tags/LibertyPhone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LibertyPhone</span></a> <a href="https://social.librem.one/tags/SecureGovMobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureGovMobile</span></a> <a href="https://social.librem.one/tags/MadeInUSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MadeInUSA</span></a> <a href="https://social.librem.one/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://social.librem.one/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://social.librem.one/tags/PureOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PureOS</span></a> <a href="https://social.librem.one/tags/EndToEndEncryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EndToEndEncryption</span></a> <a href="https://social.librem.one/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HardwareSecurity</span></a> <a href="https://social.librem.one/tags/GOTSSolution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GOTSSolution</span></a> <a href="https://social.librem.one/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a></p>
LavX News<p>Navigating the Risks of MCP Protocol: A Deep Dive into Security and Docker Solutions</p><p>As the MCP protocol gains traction in AI development, its inherent security risks demand attention. This article explores the vulnerabilities associated with running MCP servers locally and introduces...</p><p><a href="https://news.lavx.hu/article/navigating-the-risks-of-mcp-protocol-a-deep-dive-into-security-and-docker-solutions" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/navigatin</span><span class="invisible">g-the-risks-of-mcp-protocol-a-deep-dive-into-security-and-docker-solutions</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/Docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docker</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/MCPProxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MCPProxy</span></a></p>
0x40k<p>Yikes, just stumbled upon some news about new Go modules floating around GitHub that can seriously wreck Linux systems!</p><p>So, here’s the scoop: Three particularly nasty Go modules have been spotted. When executed, they're designed to completely trash the system. How? Basically, they use obfuscated code to fetch a payload, and *that* payload proceeds to overwrite `/dev/sda` (your primary hard drive!) with zeros. Poof! Your data is gone. Keep an eye out for these repos: `github[.]com/truthfulpharm/prototransform`, `github[.]com/blankloggia/go-mcp`, and `github[.]com/steelpoor/tlsproxy`.</p><p>The really scary part? This is a stark reminder of how supply-chain attacks can turn even code you *think* you trust into a major threat.</p><p>And honestly, this isn't an isolated incident. Think about those malicious npm packages caught stealing crypto keys, or PyPI packages abusing Gmail for data exfiltration. Unfortunately, the list goes on.</p><p>What steps can you take?<br>* **Always** double-check package authenticity. Look into the publisher's history and verify GitHub links.<br>* Make it a habit to regularly review your dependencies. What are you *really* pulling into your project?<br>* Implement strict access controls, especially for private keys. Don't make it easy for attackers.<br>* Keep tabs on unusual outbound network connections, *particularly* SMTP traffic.<br>* Don't just blindly trust a package because it's been around for a while. Age isn't always a guarantee of safety.</p><p>Speaking as a pentester, these supply-chain attacks are genuinely tricky and folks often underestimate the danger. Sure, automated scans can catch some things, but nothing beats staying vigilant and truly understanding the risks involved. I see it all the time – clients sometimes get a false sense of security just because something is "open source."</p><p>Have you encountered anything similar? What tools or strategies are you using to lock down your supply chain? 
Drop your thoughts below!</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/GoLang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoLang</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentest</span></a></p>
LavX News<p>AI Code Hallucinations: A New Frontier for Supply-Chain Attacks</p><p>Recent research reveals that AI-generated code is increasingly prone to referencing non-existent libraries, creating a fertile ground for supply-chain attacks. This phenomenon, termed 'package halluci...</p><p><a href="https://news.lavx.hu/article/ai-code-hallucinations-a-new-frontier-for-supply-chain-attacks" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/ai-code-h</span><span class="invisible">allucinations-a-new-frontier-for-supply-chain-attacks</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/AIgeneratedCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AIgeneratedCode</span></a> <a href="https://mastodon.cloud/tags/PackageHallucination" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PackageHallucination</span></a></p>
InfoQ<p>🚨 Major supply chain attack within the <a href="https://techhub.social/tags/GoLang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoLang</span></a> ecosystem!</p><p>A malicious package - github.com/boltdb-go/bolt - was impersonating the trusted BoltDB, using Go Module Proxy’s caching mechanism to stay hidden for YEARS!!! </p><p>Discover more: <a href="https://bit.ly/42Bg1Di" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/42Bg1Di</span><span class="invisible"></span></a> </p><p><a href="https://techhub.social/tags/SoftwareSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareSecurity</span></a> <a href="https://techhub.social/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://techhub.social/tags/InfoQ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoQ</span></a></p>
LavX News<p>Chainguard Secures $356 Million to Fortify Open Source Supply Chains</p><p>In a bold move to enhance open source security, Chainguard has raised $356 million in Series D funding, bringing their valuation to $3.5 billion. This funding will accelerate their mission to secure t...</p><p><a href="https://news.lavx.hu/article/chainguard-secures-356-million-to-fortify-open-source-supply-chains" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/chainguar</span><span class="invisible">d-secures-356-million-to-fortify-open-source-supply-chains</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/OpenSourceSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSourceSecurity</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/Chainguard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chainguard</span></a></p>
Bytes Europe<p>Ex-US Customs Chief: AI Platform Critical for National Security <a href="https://www.byteseu.com/948858/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/948858/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://pubeurope.com/tags/AISecuritySolutions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AISecuritySolutions</span></a> <a href="https://pubeurope.com/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtificialIntelligence</span></a> <a href="https://pubeurope.com/tags/BorderProtectionInnovation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BorderProtectionInnovation</span></a> <a href="https://pubeurope.com/tags/BorderSecurityTechnology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BorderSecurityTechnology</span></a> <a href="https://pubeurope.com/tags/CustomsModernization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CustomsModernization</span></a> <a href="https://pubeurope.com/tags/CustomsScreeningAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CustomsScreeningAI</span></a> <a href="https://pubeurope.com/tags/CustomsTraceAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CustomsTraceAI</span></a> <a href="https://pubeurope.com/tags/STAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>STAI</span></a> <a href="https://pubeurope.com/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a 
href="https://pubeurope.com/tags/TradeComplianceAutomation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TradeComplianceAutomation</span></a></p>
Thomas Strömberg 🚲🌳🛵<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@timb_machine" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>timb_machine</span></a></span> Thanks for highlighting my recent <a href="https://triangletoot.party/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychainsecurity</span></a> pet project "UCD". It inspired me to do some output tuning and add a screenshot for how it detected unexpected changes to the recent GitHub actions supply-chain attacks.</p>
Worlddefensereport<p>Netherlands Partners with VDL Groep to Accelerate Local Production of Combat Vehicles, Drones and Reduce Dependence on Non-European Suppliers </p><p><a href="https://defensemirror.com/news/39115/Netherlands_Partners_with_VDL_Groep_to_Accelerate_Production_of_Combat_Vehicles__Drones" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">defensemirror.com/news/39115/N</span><span class="invisible">etherlands_Partners_with_VDL_Groep_to_Accelerate_Production_of_Combat_Vehicles__Drones</span></a></p><p><a href="https://mstdn.social/tags/Netherlands" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Netherlands</span></a> <a href="https://mstdn.social/tags/Defence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Defence</span></a> <a href="https://mstdn.social/tags/VDLGroep" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VDLGroep</span></a> <a href="https://mstdn.social/tags/MilitaryProduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MilitaryProduction</span></a> <a href="https://mstdn.social/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mstdn.social/tags/EuropeanDefence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EuropeanDefence</span></a></p>
Anant Shrivastava aka anantshri<p>I am curating the Supply Chain Security track at <a href="https://social.anantshri.info/tags/rootconf2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rootconf2025</span></a>!</p><p>Got stories, tools, or lessons from the trenches? Come speak — or just show up and learn.</p><p>hasgeek.com/rootconf/2025/</p><p><a href="https://social.anantshri.info/tags/devsecops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a> <a href="https://social.anantshri.info/tags/sbom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SBOM</span></a> <a href="https://social.anantshri.info/tags/ci_cd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CI_CD</span></a> <a href="https://social.anantshri.info/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.anantshri.info/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevOps</span></a> <a href="https://social.anantshri.info/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://social.anantshri.info/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudSecurity</span></a> <a href="https://social.anantshri.info/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://social.anantshri.info/tags/sre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SRE</span></a></p>
LavX News<p>Cascading Supply Chain Attack Exposes Secrets in Over 23,000 GitHub Repositories</p><p>A recent supply chain attack has compromised critical CI/CD secrets across a staggering number of GitHub repositories, revealing vulnerabilities in widely used actions. The breach highlights the inter...</p><p><a href="https://news.lavx.hu/article/cascading-supply-chain-attack-exposes-secrets-in-over-23000-github-repositories" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/cascading</span><span class="invisible">-supply-chain-attack-exposes-secrets-in-over-23000-github-repositories</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISA</span></a></p>
LavX News<p>Cascading Supply Chain Attack Exposes CI/CD Secrets: A GitHub Action Breach Analysis</p><p>A recent cascading supply chain attack has compromised GitHub Actions, leading to the exposure of CI/CD secrets across thousands of repositories. This incident highlights vulnerabilities in the softwa...</p><p><a href="https://news.lavx.hu/article/cascading-supply-chain-attack-exposes-ci-cd-secrets-a-github-action-breach-analysis" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/cascading</span><span class="invisible">-supply-chain-attack-exposes-ci-cd-secrets-a-github-action-breach-analysis</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/GitHubActions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHubActions</span></a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChainSecurity</span></a> <a href="https://mastodon.cloud/tags/CICDSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CICDSecurity</span></a></p>