The Silent Worm: TeamPCP Hijacks TanStack in "Mini Shai-Hulud" Attack
TeamPCP's supply chain attack infected 170+ npm and PyPI packages like TanStack. Learn how the Mini Shai-Hulud worm bypasses SLSA and how to stop its wiper.
pnpm 11.0 is here with critical security defaults. Learn how 'minimumReleaseAge' and 'blockExoticSubdeps' protect your SDLC from immediate supply chain threats.
Master the OWASP Top 10 CI/CD Security Risks. Concrete attacks, code examples, and battle-tested controls to harden your pipelines against supply chain threats.
Traditional security frameworks don't map cleanly onto the modern software supply chain. Discover SITF, the new open-source SDLC Infrastructure Threat Framework by Wiz, designed to visualize, analyze, and prevent complex supply chain attacks.
The software supply chain is under relentless attack from campaigns like TeamPCP and the Axios hack. Learn actionable, step-by-step strategies to secure your CI/CD pipelines and developer endpoints.
A massive supply chain attack has hit the popular npm package Axios. The malicious versions 1.14.1 and 0.30.4 deploy a stealthy Remote Access Trojan (RAT) via a fake dependency. Learn how to detect and remediate this critical threat.