Andrew Shay logo
Blog & Digital Garden
Home > Digital Garden > Supply Chain Attacks

💣 Supply Chain Attacks (14)

  1. ⭐ 🔗 Let's talk about supply chain attacks and backdoored dependencies
  2. ⭐ 🔗 Supply chain attacks - Microsoft
  3. 🔗 170K Users Affected by Attack Using Fake Python Infrastructure
  4. 🔗 Backdoored Python Library Caught Stealing SSH Credentials
  5. 🔗 Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
  6. 🔗 DuckDB NPM packages 1.3.3 and 1.29.2 compromised with malware
    (2) https://news.ycombinator.com/item?id=45179939&ref=andrewshay.me
  7. 🔗 Evan Boehs: Everything I know about the XZ backdoor
  8. 🔗 GitHub besieged by millions of malicious repositories
  9. 🔗 Go Module Mirror served backdoor to devs for 3+ years
  10. 🔗 Malicious ‘SentinelOne’ PyPI package steals data from developers
  11. 🔗 NPM debug and chalk packages compromised
    (2) https://news.ycombinator.com/item?id=45169657&ref=andrewshay.me
  12. 🔗 NPM supply-chain attack impacts hundreds of websites and apps
  13. 🔗 Running the “Reflections on Trusting Trust” Compiler
  14. 🔗 Two malicious Python libraries caught stealing SSH and GPG keys
    (2) https://news.ycombinator.com/item?id=21701488&ref=andrewshay.me
andrewshay.me