Automated Supply Chain Attack That Poisoned 20 npm Packages in 3 Seconds
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
your CI agent is reading more than your prompt
Secret Scanning in CI: What Pre-Commit, Pull Request, and Main Branch Each Actually Catch
AI Development Supply Chain Attack and Worm Propagation via Compromise of More Than 70 GitHub Repositories
The Miasma Worm: How AI Coding Agents Became a Supply Chain Attack Surface
The Developer's Guide to Environment Variables and Secrets Management
Comment and Control: a GitHub comment hijacks Claude Code in CI
Case of 32 npm Packages and 95 Versions Poisoned Through a CI/CD Pipeline Compromise
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
Hardening Your Node.js App Against Supply Chain & Remote Code Execution Attacks
TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages
TanStack weighs invitation-only pull requests after supply chain attack
The Hidden Supply Chain Risk in Your `pip install`
Why I'm leaving GitHub for Forgejo
The 20-Minute Compromise: CI/CD Audit Guide for the TanStack Supply Chain Attack
Win11 Zero-Days, npm Supply Chain, & AI Agent Security Threats
CI/CD-Based Self-Propagating Supply Chain Attack That Infected 10 Packages Within 6 Minutes
Cache Poisoning Attack and Supply Chain Compromise Exploiting a pull_request_target Permission Loophole
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Pipelock Agent Egress Control: the missing CI primitive for AI agents