Tag

#software supply chain

7 stories taggedsoftware supply chain.

A dimly lit server room at night, rows of glowing blue and green indicator lights on rack-mounted hardware stretching into the distance, empty operator chairs i
AI Security

Your AI Coding Bots Are Running Unsupervised and Nobody Knows What They Did Last Night

AI agents inside software development teams can write, test, and deploy code on their own, often with no human checking what they did. Most companies have no way to answer a simple question: who authorised that change?

4 min
Full-frame photoreal editorial image of a developer workstation at night, two nearly identical strings of hexadecimal characters glowing softly on a dark monito
Cloud Security

GitHub's Green 'Verified' Badge Can Lie: Signed Commits Cloned Without the Key

Researchers show anyone can produce a second signed commit that matches the author, date and files of a real one, keeping GitHub's Verified stamp while changing the unique fingerprint developers rely on.

4 min
Full-frame photoreal editorial image of a modern developer's desk at dusk, two monitors glowing with abstract lines of code, one screen subtly tinted a cool blu
AI Security

When AI writes your code, your supply chain just got a new stranger in it

For years, defenders worried about which open-source parts sat inside their software. Now an AI assistant is quietly adding parts of its own, and nobody is quite sure who owns the risk.

4 min
Photoreal news-editorial photograph, 16:9 framing, full-frame edge-to-edge composition
Policy & Regulation

The Software Safety Label Problem: Why What Companies Ship Often Doesn't Match What They Report

A growing body of regulation now requires software makers to list every component inside their products. A Toronto-based firm says most of those lists are wrong before the ink dries, and regulators are starting to agree.

3 min
Cloud Security

AWS Continuum Wants to Close the Gap Between AI-Generated Code and AI-Fixed Vulnerabilities

Amazon's new agentic security service promises continuous discovery, triage, and remediation. In practice, it's a bet that the same AI acceleration creating your backlog can also drain it.

3 min
Threat Intelligence

Three Stories You Probably Missed: Trump Mobile Leak, FIFA Phishing, and CISA's Supply Chain Cleanup

A customer data exposure, a tournament-themed phishing campaign, and a federal agency scrambling to respond to upstream compromise — a busy week for the incidents no one headlined.

2 min
Vulnerabilities

Your CI Pipeline Is Already Too Late — CVE Lite CLI Disagrees With Your Entire Workflow

An OWASP-backed JavaScript dependency scanner built by Sonu Kapoor wants to catch vulnerable packages the moment a developer types the install command, not when the build breaks at 2 a.m.

3 min
© 2026 Threat Vectr