GitHub GHES Signing Key Rotation Puts Admins on the Clock
Executive Summary: GitHub warned on May 26, 2026 that administrators running GitHub Enterprise Server (...
Lucas Oliveira
Research
GlassWorm sleeper extensions turn Open VSX updates into a malware delivery path
The newest GlassWorm wave matters because it turns the normal extension update p...
Lucas Oliveira
Research
Bitwarden CLI npm compromise exposes CI/CD credential risk
A brief compromise of the Bitwarden CLI npm distribution is still a high-priority defender story beca...
Lucas Oliveira
Research
Cisco Breach Shows the Real Cost of the Trivy Supply-Chain Attack
The most important lesson from the Trivy incident is that a supply-chain attack on a trusted s...
Lucas Oliveira
Research
Axios npm compromise pushed a cross-platform RAT through a fake dependency
A compromise of the widely used axios package on npm shows why defenders cannot rely...
Lucas Oliveira
Research