Threat Digest

Diagram illustrating a supply chain attack with compromised dependencies leading to a company's code repository.

Supply Chain Attack Hits Grafana Labs

The open-source world just got a stark reminder of its interconnected fragility. Grafana Labs confirmed a recent code breach stemmed directly from a compromise within the TanStack development ecosystem.

5 min read 2 days, 9 hours ago

Illustration of a computer screen with code and security icons, representing a developer workstation as a potential supply chain vulnerability.

Vulnerabilities & CVEs

Your Laptop Now Ships Software to Attackers

Forget just securing the code repository. A seismic shift is underway, transforming developer workstations into the hottest new target for sophisticated supply chain attacks.

6 min read 5 days, 8 hours ago

Abstract representation of a tangled web of code, with red nodes indicating security breaches and interconnected lines showing propagation.

Vulnerabilities & CVEs

npm's 'Nuisance' Era is Over: The Rise of Wormable Attacks

The days of worrying about minor npm annoyances are long gone. A chilling new breed of self-replicating malware is reshaping the threat landscape, turning the developer's trusted toolkit into a weapon.

6 min read 4 weeks ago

#cicd-security

Supply Chain Attack Hits Grafana Labs

Your Laptop Now Ships Software to Attackers

npm's 'Nuisance' Era is Over: The Rise of Wormable Attacks