supply-chain

Socket raises $60 million for its open-source security platform

• supply-chain

Socket raises $60 million for its open-source security platform

SC Staff May 21, 2026

The investment, led by Thrive Capital with participation from Andreessen Horowitz and Capital One Ventures, brings Socket's...

Read More Read more about Socket raises $60 million for its open-source security platform

TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge

• supply-chain

TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge

Laura French May 15, 2026

The variant was used in recent attacks against TanStack and others – but it’s not the original,...

Read More Read more about TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge

RubyGems pauses new account sign-ups amid major malicious attack

• supply-chain

RubyGems pauses new account sign-ups amid major malicious attack

SC Staff May 13, 2026

The attack has led to the involvement of hundreds of packages, with many directly targeted and some...

Read More Read more about RubyGems pauses new account sign-ups amid major malicious attack

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

• application-security
• decentralized-identity-and-verifiable-credentials
• identity
• supply-chain

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Steve Zurier May 12, 2026

Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.

Read More Read more about ‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

SailPoint GitHub repo hit by third-party cyberattack

• application-security
• decentralized-identity-and-verifiable-credentials
• identity
• supply-chain

SailPoint GitHub repo hit by third-party cyberattack

Steve Zurier May 11, 2026

SailPoint says GitHub repo breach exposed no customer data or production systems.

Read More Read more about SailPoint GitHub repo hit by third-party cyberattack

JDownloader website compromised to distribute malicious installers

• supply-chain

JDownloader website compromised to distribute malicious installers

SC Staff May 11, 2026

The supply chain attack involved attackers modifying the website's download links to point to malicious third-party payloads.

Read More Read more about JDownloader website compromised to distribute malicious installers

Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! – SWN #579

• devsecops
• supply-chain

Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! – SWN #579

Aaran Leyland May 8, 2026

Read More Read more about Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! – SWN #579

Trusted third-party connections are the new front door for attackers 

• ai-benefitsrisks
• supply-chain
• third-party-code

Trusted third-party connections are the new front door for attackers 

John Watters May 6, 2026

Here’s five priorities for teams looking to manage third-party risk in the AI era.

Read More Read more about Trusted third-party connections are the new front door for attackers 

DAEMON Tools installers compromised in new supply chain attack

• malware
• security-operations
• supply-chain
• threat-intelligence

DAEMON Tools installers compromised in new supply chain attack

SC Staff May 6, 2026

The attack involved tampering with three core DAEMON Tools components: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe.

Read More Read more about DAEMON Tools installers compromised in new supply chain attack

FCC votes to ban Chinese and Hong Kong testing labs for US-bound devices

• supply-chain

FCC votes to ban Chinese and Hong Kong testing labs for US-bound devices

SC Staff May 6, 2026

The FCC's unanimous vote on April 30, 2026, extends a prior ban on state-affiliated Chinese labs to...

Read More Read more about FCC votes to ban Chinese and Hong Kong testing labs for US-bound devices