Skip to main content

Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

© 2026 ZeroDayAttack · Public data from CISA · NIST · MITRE · FIRST · OSV · GitHub · abuse.ch — not a security advisory.

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

Search

122 results

For "supply chain" across CVEs, vendor advisories, threat actors, IOCs, security research, and news.

All122 Vulnerabilities50 Threat actors5 Vendor advisories1 Research50 News16 IOCs0

Instant answer

Supply-chain attacks

Latest analysis of npm/PyPI/cargo registry compromises, dependency confusion, and self-replicating worms (Shai-Hulud).

Recent coverage

redditnetsecThe Axios npm compromise was visible in registry metadata before anyone ran npm install8 h ago
jfrogInside EveryOps APAC: What India and Australia’s Tech Leaders Are Focused On1 d ago

Vendor advisories

1

cisa-aasupply-chain-compromises-impact-nx-console-and-github-repositories16 d ago
Supply Chain Compromises Impact Nx Console and GitHub Repositories

arxivClassport: Designing Runtime Dependency Introspection for Java1 d ago

jfrogIntroducing the JFrog Power for Kiro1 d ago

jfrogHow to Validate Policy-as-Code Without Breaking Builds (Even When AI Writes the Code)1 d ago

unit42Trust No Skill: Integrity Verification for AI Agent Supply Chains2 d ago

thehackernewsGitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks2 d ago

sansiscTeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)4 d ago

All Shai-Hulud research