I know the answer is to engineer differently, but I'm down for smashing fingers with hammers.
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
Submitted 1 week ago by cm0002@lemmings.world to cybersecurity@infosec.pub
https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/
14th_cylon@lemmy.zip 1 week ago
First, attackers hit Trivy, a vulnerability scanner with more than 100,000 users and contributors that is embedded in thousands of CI/CD pipelines. Up next: Axios, an open-source JavaScript library that has about 100 million weekly downloads and runs in 80 percent of cloud and code environments.