
Agent Skills Threat Model
Discover critical security threats in Agent Skills - Anthropic's open format for AI agent capabilities. Learn about supply chain attacks, deferred code execution, prompt injection, and multiple...

The Shai-Hulud supply chain attack is a major incident targeting developers through malicious packages in the npm ecosystem. This post outlines the incident response steps that can be taken to...

Modern software rarely ships as a single, hand-crafted binary. Instead, it is assembled from hundreds, sometimes thousands of third-party components that evolve on their own schedule. Knowing exactly...

A critical pre-authenticated remote code execution vulnerability (CVE-2025-55182) was disclosed in React Server Components, affecting Next.js applications using the App Router. Learn about the...

A malicious NPM package targeting TensorFlow users was discovered on npm. The package uses typosquatting to target the popular `tensorflow` package.

Introducing the GitLab CI/CD Component, available in the GitLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.
