Articles by tag: supply-chain
Nvidia CPO Switch: Mass Production of Spectrum-X and Supply Chain Revolution
Analysis of mass production of Nvidia Spectrum-X CPO switches: why it kills the optical modules market, who wins and loses, hidden consequences for the supply chain.
CoPoS: TSMC demands exclusivity from partners
TSMC imposes strict supply bans on competitors, locking the CoPoS supply chain. Learn how this will change the chip market and why AI giants are losing choice.
Python Security Tools from Astral
Astral (Ruff, uv) launches open source PyPI dependency audit. Protection from CVE, malware in supply chain. Integration with uv for middle/senior dev. Learn details and plans.
Backdoor in WordPress plugins: C2 in Ethereum
Breakdown of attack on 30+ WP plugins: PHP deserialization, cloaking spam, persistent C2 in smart contract. Cleanup checklist and supply-chain protection. Check your site now.
Telnyx Hack on PyPI: Theft of Keys and Tokens
Hackers injected malware into Telnyx 4.87.1/4.87.2 via WAV steganography. Roll back to 4.87.0, change keys. Developer's guide to detection and protection.
Stealer in LiteLLM: key theft on Python startup
Stealer of API keys, SSH, AWS discovered in LiteLLM 1.82.7/1.82.8. Activation on Python start. Recommendations for auditing and replacing keys for developers.
Attack on litellm: credentials theft in PyPI
Details of litellm 1.82.7/1.82.8 compromise: collection of SSH keys, K8s secrets, exfiltration. Instructions for checking, removal, and rotation. Protect systems from TeamPCP.
iOS and npm Exploits Leaks in March 2026
Breakdown of Key Cybersecurity Incidents: Coruna, DarkSword, Axios, Claude Code. Supply Chain Compromises and Regulations. For Developers — How to Protect CI/CD and Source Code. Read the Analysis.
Top CVE March 2026: RCE in Cisco and Langflow
Critical vulnerabilities March 2026: Cisco FMC deserialization, Langflow RCE, Chrome zero-day, Trivy supply chain. Patches, exploits, mitigation for DevSecOps. Update systems now.
RAT in Axios npm: phantom dependency and Claude Code leak
Analysis of attacks on Axios and Anthropic: RAT via postinstall, sourcemap leak of 512k lines. Checks, IOC, clean-room Python implementation. For middle/senior dev.
Evil merge in Git: malware in merge commit
Learn how malware was injected into Git merge commits. Obfuscation via blockchain, detector in Go. Tools for CI/CD and repository protection. Scan history now.
AI agents took down prod: lessons from Kiro and LiteLLM
AWS Kiro, Meta incidents and LiteLLM attack revealed risks of autonomous AI in prod. Policy gates, blast limits and CI/CD hygiene — key measures. Study the conclusions for secure DevOps.
Technologies and global markets: AI, crypto regulation, supply chains
Analysis of key trends: NVIDIA shifts focus to AI, SEC regulates crypto market, chip smuggling. For developers and technical specialists.