supply chain

3 articles

Stop Auto-Updating Everything. Seriously.

The biggest supply chain attack in npm history just happened. 160+ packages compromised. If you had auto-updates on, you swallowed the poison automatically. Here's what to do instead.

May 28, 2026

supply chainVSCodeCVE

Your Code Editor Just Became a Backdoor. Here's What Happened.

A poisoned VS Code extension breached GitHub's internal repos. 3,800 repositories. 18 minutes. If you install extensions without thinking, you need to read this.

May 21, 2026

WordPressweb securitysupply chain

Your WordPress Site Is Probably Already Compromised

30-40% of WordPress sites are running plugins with known vulnerabilities. A supply chain attack just backdoored 400,000 sites through trusted plugin updates. If you run WordPress, read this.

May 4, 2026