developer-tech.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-06.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-06 2026 | FBI warns developers over TeamPCP software supply chain attacksSupply Chain | The FBI has issued a warning to developers regarding software supply chain attacks involving the TeamPCP tool. These attacks exploit vulnerabilities within the development process to compromise software. While the provided content does not mention a specific bug bounty payout amount, the alert highlights the significant threat posed by these sophisticated attacks to the integrity of software and the security of end-users. Developers are urged to implement robust security measures to mitigate these risks. |
| 2026-07-02 2026 | PolinRider supply chain attack expands to Packagist ecosystemSupply Chain | The PolinRider supply chain attack has expanded to the Packagist ecosystem, a popular repository for PHP packages. This means malicious code is now being distributed through legitimate-looking PHP packages, potentially compromising users who download and integrate them into their projects. The attack's reach into Packagist highlights a growing trend of supply chain vulnerabilities, where attackers exploit trusted software sources to spread malware. Developers are advised to exercise extreme caution when updating or installing new PHP packages. |
| 2026-06-23 2026 | OpenAI deploys GPT-5.5-Cyber for open-source vulnerability fixesFuzzing | OpenAI deploys GPT-5.5-Cyber for open-source vulnerability fixes https://ift.tt/TC32xeh |
| 2026-05-01 2026 | Open-source registries hit by 'Mini Shai-Hulud' supply chain attacksSupply Chain | Library targeting supply chain attacks like 'Mini Shai-Hulud', which exploits polyglot environments by compromising popular packages such as PyTorch Lightning on PyPI and Intercom on npm to steal SSH keys, GitHub Actions tokens, and cloud provider credentials from developer machines and CI/CD pipelines across Python, PHP, Ruby, and Go ecosystems. |
| 2022-01-10 2022 | At DevSecCon24 find out how to build a Security Champions programme to scale your teamAuthZ | Talk from DevSecCon24 detailing how to build a successful Security Champions program. It emphasizes strategic planning, executive sponsorship, careful selection of passionate developer champions, and clearly defining their role as liaisons, not security experts. The talk also covers organically rolling out the program, starting small, and measuring success through both qualitative adoption and quantitative data. |