devops.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-08.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-08 2026 | North Korea Expands the Reach of PolinRider Supply Chain Attack CampaignSupply Chain | North Korea is expanding its PolinRider supply chain attack campaign. This sophisticated operation targets software updates to distribute malware. The campaign's reach has grown, indicating a persistent effort by North Korean state-sponsored actors to compromise systems through trusted software channels. The provided link offers further details on the campaign's evolution and technical aspects. |
| 2026-06-22 2026 | Homebrew to Packages: No ID No ServiceSupply Chain | Library update details Homebrew 6.0.0's new supply-chain security measures, which mimic npm's approach by requiring explicit user trust for third-party repositories and blocking untrusted installation scripts. This includes a "Guestlist" of pre-approved remote URLs and a `trusted` flag for state management, alongside Bubblewrap integration for sandboxing builds on Linux. Package maintainers and CI/CD pipelines may need to update installation instructions and scripts. |
| 2026-06-10 2026 | GitHub Takes Down 73 Microsoft Repos After Miasma Worm AttackSupply Chain | Writeup of the Miasma worm attack on Microsoft repositories, detailing its infiltration of 73 GitHub projects, including Azure and MicrosoftDocs. The worm, a variant of Mini Shai-Hulud, leveraged compromised contributor accounts to inject malicious commits that executed credential-harvesting payloads when code was opened in IDEs and AI coding tools like Claude Code, Gemini CLI, Cursor, and VS Code. This attack signifies a shift in software supply chain threats, targeting the developer environment itself as an attack surface rather than just installed packages. |
| 2026-05-22 2026 | Attackers Can Exploit a Claude Code RCE Flaw to Take Command of SystemRCE | Library for securing developer models, this entry details a critical RCE vulnerability in Anthropic's Claude Code (version 2.1.118). Attackers could exploit a parsing flaw in the `eagerParseCliFlag` function via crafted deeplinks to inject arbitrary commands, bypassing trust prompts and taking control of a victim's system. The vulnerability was discovered by Joernchen of 0day.click and has since been patched. |
| 2026-04-21 2026 | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: TenableSupply Chain | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable https://ift.tt/nvuCc9x |