#software-supply-chain tag

3 weeks ago

DevOps

JFrog launches MCP Server for AI-driven development workflows

JFrog's MCP Server enhances developer productivity by integrating AI capabilities into coding environments.

fromWIRED

Artificial intelligence

AI Code Hallucinations Increase the Risk of 'Package Confusion' Attacks

AI-generated code often references non-existent third-party libraries, posing risks for supply-chain attacks.

3 weeks ago

DevOps

JFrog launches MCP Server for AI-driven development workflows

Artificial intelligence

fromWIRED

AI Code Hallucinations Increase the Risk of 'Package Confusion' Attacks

AI-generated code often references non-existent third-party libraries, posing risks for supply-chain attacks.

more#ai

fromThe Hacker News

4 weeks ago

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

North Korean threat actors are deploying malicious npm packages as part of ongoing software supply chain attacks against the open-source ecosystem.

fromApp Developer Magazine

7 months ago

2025 Artifact Management Report

Artifact management has shifted to a strategic priority, focusing on security vulnerabilities in complex software environments.

#cybersecurity

fromIT Pro

Privacy professionals

Enterprises need to sharpen up on software supply chain security

Privacy professionals

Survey Surfaces Significant Lack of Visibility Into Software Supply Chain Risks - DevOps.com

fromCSO Online

Information security

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

Software development

Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains - DevOps.com

fromThe Hacker News

Node JS

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

fromIT Pro

Privacy professionals

Enterprises need to sharpen up on software supply chain security

Privacy professionals

Survey Surfaces Significant Lack of Visibility Into Software Supply Chain Risks - DevOps.com

fromCSO Online

Information security

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains - DevOps.com

New malware targets application developers through typo-squatting, aiming to compromise software supply chains by providing persistent access and data exfiltration.

fromThe Hacker News

Node JS

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

more#cybersecurity

JFrog Extends Alliance With NVIDIA to Secure AI Software Supply Chain - DevOps.com

JFrog and NVIDIA have expanded integrations to include the Enterprise AI Factory, enabling the management of AI applications through JFrog's Software Supply Chain Platform.

Artificial intelligence

#sbom

Information security

Survey Surfaces Uneven Adoption of SBOMs to Secure Software - DevOps.com

Dropping the SBOM, why software supply chains are too flaky

The importance of managing software supply chain security is rising due to increased vulnerabilities and the prevalence of open-source software.

Information security

Survey Surfaces Uneven Adoption of SBOMs to Secure Software - DevOps.com

Dropping the SBOM, why software supply chains are too flaky

The importance of managing software supply chain security is rising due to increased vulnerabilities and the prevalence of open-source software.

more#sbom

fromInfoQ

Docker Introduces Hardened Images to Strengthen Container Security

Docker's Hardened Images significantly enhance container security by reducing attack surfaces and minimizing vulnerabilities.

DevOps