122 results

The Range Shrinks, the Threat Remains: Re-evaluating LLM Package Hallucinations on the 2026 Frontier-Model Cohort

arXiv:2605.17062v2 Announce Type: replace Abstract: Spracklen et al. (USENIX Security '25) showed that code-generating large language models hallucinate package names that do not exist on PyPI or npm at rates ranging from 5.2% on commercial

Classport: Designing Runtime Dependency Introspection for Java

arXiv:2510.20340v4 Announce Type: replace-cross Abstract: Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security.

LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets

arXiv:2606.12887v1 Announce Type: new Abstract: Bitcoin's Lightning Network (LN) can be exploited as a covert, low-cost command-and-control (C&C) channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain pr

Introducing the JFrog Power for Kiro

A new CVE drops into a package you depend on. With the JFrog power for Kiro installed, your next move is a single prompt in your IDE, not a tab switch to the JFrog UI and thirty minutes of hand-rolled REST calls. This is what governed agent

How to Validate Policy-as-Code Without Breaking Builds (Even When AI Writes the Code)

Picture two realities for the same compliance control reaching production. Reality One: Your AppSec team writes a new rule. An engineer uses Claude Code or Cursor to generate the OPA (Open Policy Agent) Rego policy in minutes. They deploy i

Trust No Skill: Integrity Verification for AI Agent Supply Chains

Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity Verification for AI Agent Supply Chains appeared first on Unit

A Five-Plane Reference Architecture for Runtime Governance of Production AI Agents

arXiv:2606.12320v1 Announce Type: cross Abstract: Enterprise security was built to govern data boundaries: the protected surface was data at rest and in transit, and the controls -- access control, data-loss prevention, perimeter inspection

The Governance Gap: What IDC's 2026 Data Reveals About AI and the Software Supply Chain

In a landscape where executive teams demand immediate AI integration, engineering and security leaders find themselves navigating a complex operational balancing act. To explore how organizations can accelerate delivery pipelines without in

Our AI Agent Now Has a Security Conscience: Introducing the JFrog Plugin for Claude Code

AI coding agents are changing the pace of software development. With tools like Claude Code, developers can move from idea to implementation faster than ever, generating code, exploring unfamiliar repositories, refactoring services, and tur

GRAFT: Graphlet-Triggered Backdoor Attack on GNN-Based Hardware Security Systems

arXiv:2606.10163v1 Announce Type: new Abstract: The globalization of the integrated circuit (IC) supply chain increases the risk of security threats, such as hardware Trojans (HTs) and the theft of intellectual property (IP). Graph Neural N

Anchors that Don't Lift: Understanding Supply Chain Driven Kernel Lock-In and Governance-Mediated Mitigation Strategies in SOHO Devices

arXiv:2606.11175v1 Announce Type: new Abstract: Small Office/Home Office (SOHO) devices are widely popular, yet often attacked due to security vulnerabilities in their firmware, affecting thousands of devices. These security vulnerabilities

MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills

arXiv:2606.07131v2 Announce Type: replace Abstract: AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, an

GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines

arXiv:2606.09935v1 Announce Type: new Abstract: AI-powered agents are increasingly embedded in continuous integration and continuous delivery/deployment (CI/CD) pipelines to autonomously review pull requests (PRs), triage issues, and mainta

Best Software Composition Analysis Services: Top 8 in 2026

What are software composition analysis services? Software Composition Analysis (SCA) services are automated tools that scan codebases to find, identify, and manage open-source components, detecting security vulnerabilities (CVEs), licensing

OWASP Dependency-Track 5.0 Is Now Generally Available

OWASP Dependency-Track 5.0 Is Now Generally Available The largest redesign in the project's history brings horizontal scaling, fault tolerance, and software supply chain integrity verification to the widely used open source platform

Targeting World Models to Compromise Robot Learning Pipelines

arXiv:2606.09499v1 Announce Type: cross Abstract: World models have recently seen a rapid growth in both their popularity and capability as more data efficient tools for generating robot training data or simulating real world environments,

Customization under Fire: Plugin Poisoning in Text-to-Image Ecosystem

arXiv:2606.09151v1 Announce Type: new Abstract: The prosperity of text-to-image (T2I) models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation (LoRA) plugins, which allow users to customize and share model capa

DPAgent-in-the-Middle: Agentic Defense and Repair Against AI-Groomed Deceptive Patterns

arXiv:2606.06914v1 Announce Type: new Abstract: Privacy deceptive patterns in web interfaces systematically manipulate users into disclosing personal data, yet existing defenses are fragmented, static, and increasingly vulnerable to manipul

MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills

arXiv:2606.07131v1 Announce Type: new Abstract: AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and to

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments. We fou

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

In this article Why the Taxonomy Needed Updating Seven new failure modes Operational findings: What red teaming showed New mitigations What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic

CVE-2026-25253

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

In this article Why the Taxonomy Needed Updating Seven new failure modes Operational findings: What red teaming showed New mitigations What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic

CVE-2026-25253

NVIDIA NIM Models Are Now Governed Assets in Your Supply Chain

NVIDIA NIM (NVIDIA Inference Microservices) packages production-ready AI models into optimized containers for enterprise deployment. Your developers need them. Your coding agents pull them. And until now, they pulled them directly from NVID

Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp

A new npm worm is abusing binding.gyp to trigger node-gyp during install, letting malicious packages run code without lifecycle scripts. It steals credentials, persists in GitHub, and self-propagates across maintainers.

Talk to Your Platform: Spin Up JFrog Self-Service Trials with MCP – No Human Intervention Required

JFrog is one of the first Software Supply Chain Management and Security Platforms to provide MCP functionality, which we have now opened up to anyone interested in trying Claude and Cursor in their own development environment. Doing a free

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

In this article Attack chain overview Mitigation and protection guidance Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under

The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) appeared first on Un

Introducing the Global Software Supply Chain Excellence Awards: Celebrating the People Behind the Software Pipelines

Today, JFrog is proud to introduce the Software Supply Chain Excellence Awards , the first-ever customer awards program created to spotlight the teams and individuals who are doing the hard work of securing and scaling modern software deliv

Trusted AI Adoption (Part 2): Detection

It's Monday morning. Your coding agents ran all weekend. Your security dashboard shows the exact same numbers it did Friday afternoon. Same models, the same approved Model Context Protocol (MCP) servers, the same AI assets you are familiar

Miasma: Supply Chain Attack Targeting RedHat npm Packages

Detect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware.

Containers on fire: from container escapes to supply chain attacks

Introduction Modern infrastructures universally rely on containerization to deploy applications, scale services, and build cloud platforms. The use of Docker, Kubernetes, and similar technologies has become the corporate standard for effici

CVE-2019-5736

Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages

A supply chain worm dubbed Miasma has been found in dozens of @redhat-cloud-services npm releases. The malicious preinstall hook steals credentials, probes cloud identities, and can republish other packages.

Malicious npm packages abuse dependency confusion to profile developer environments

In this article Attack chain overview Threat actor attribution Mitigation and protection guidance Indicators of Compromise (IOC) References Learn more Microsoft Threat Intelligence has uncovered an active supply chain attack involving malic

Malicious npm packages abuse dependency confusion to profile developer environments

In this article Attack chain overview Threat actor attribution Mitigation and protection guidance Indicators of Compromise (IOC) References Learn more Microsoft Threat Intelligence has uncovered an active supply chain attack involving malic

Typosquatted npm packages used to steal cloud and CI/CD secrets

In this article Attack chain overview The lure: typosquats and spoofed metadata Execution: npm lifecycle hook abuse Gen-1 stager: HTTP C2 beacon and payload drop Gen-2 stager: abusing the legitimate Bun runtime as a loader Credential theft

Typosquatted npm packages used to steal cloud and CI/CD secrets

In this article Attack chain overview The lure: typosquats and spoofed metadata Execution: npm lifecycle hook abuse Gen-1 stager: HTTP C2 beacon and payload drop Gen-2 stager: abusing the legitimate Bun runtime as a loader Credential theft

OWASP Top 10 for LLM Applications: Risks, Impact, and Mitigation

What is OWASP Top 10 for LLM Applications? The 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond. T

Authenticated RCE via Argument Injection in Gogs (NOT FIXED)

Overview Rapid7 Labs discovered a critical argument injection ( CWE-88 ) vulnerability in Gogs , a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical). The vulnerability allows any aut

Download pumping: New npm deception technique for supply chain attacks

Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate. Key takeaways Volume doesn't equal trust. Packages with nu

Introducing Package Traffic Controller: Software Supply Chain Security at the Network Edge

Imagine this: your security team has done everything right. All development teams are using a centrally managed artifact repository with scanning in place. Your engineering organization has clear policies about where packages can come from.

Laravel Lang Supply Chain Advisory

Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential theft and secret exfiltration.

Laravel-Lang Composer tag-rewrite Supply Chain Attack

On 2026-05-22, an attacker rewrote every repository tag across four Composer packages in the Laravel-Lang ecosystem to point at malicious commits. The affected packages are laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statu

Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign

A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating wo

The Governance Gap Between Your Policy and Your Pipeline

Security teams are under more pressure than ever, and most of them believe they're keeping up. That confidence, it turns out, may be the most consequential finding in the JFrog 2026 Software Supply Chain Security State of the Union . Across

The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised

A day after the AntV npm supply chain attack, the same campaign appears to have struck `durabletask`, a Microsoft-associated Python package on PyPI. Snyk has coverage in the vulnerability database and package health pages. Here's what we kn

The Agent Has Entered the Supply Chain

Software Delivery in the Age of Agents The way software gets built has fundamentally shifted. AI coding agents are no longer just autocomplete on steroids; they're resolving packages, configuring environments, selecting tools, and in some c

Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account

An active supply chain attack has compromised 323 npm packages published under the atool npm maintainer account. The wave sweeps the entire @antv data-visualization organization alongside standalone libraries with wide independent adoption:

Turn Blind Trust into Verified Control with Prompt Security for Agentic AI

Agentic AI is no longer theoretical. It's already embedded across enterprises inside developer workflows, SaaS platforms, and operational pipelines. It is executing tasks, chaining actions, and interacting with critical systems at machine s