SecurityHorrors

Stories you never want to feel on your own skin

22 May 2026

Megalodon: 5,561 Repos Swallowed in Six Hours

TLDR and details on the Megalodon supply chain attack mass-backdooring GitHub repositories via malicious CI/CD workflow commits.

20 May 2026

GitHub: The Extension That Opened the Vault

TLDR and impact summary for the GitHub internal repository breach caused by a malicious VS Code extension installed by a GitHub developer.

19 May 2026

Mini Shai-Hulud: 639 Packages Deep and Still Burrowing

TLDR and affected package summary for the latest wave of the Mini Shai-Hulud npm supply-chain campaign targeting antv and echarts-for-react.

19 May 2026

Nx Console: One Stolen Token, One Poisoned Marketplace

TLDR and affected version summary for the Nx Console VS Code extension compromise via a contributor's leaked GitHub PAT.

14 May 2026

Shadow Supply: The Package That Stole Your Secrets

TLDR and affected version summary for the node-ipc npm supply-chain compromise.

11 May 2026

Mini Shai-Hulud: The Package That Crawled Through CI

TLDR and affected package summary for the Mini Shai-Hulud npm and PyPI supply-chain campaign.