Posts tagged with: supply chain
- Vibe Coding Is Shipping Vulnerabilities to Production. Here's the Data.
  91.5% of vibe-coded apps had at least one vulnerability in Q1 2026. Real incidents — Moltbook, Lovable, Orchids — show what happens when AI-generated code ships without security review. Policy-as-code defenses that actually stop it.
- MCP Security in 2026: Real CVEs, Exploit Chains, and Policy-as-Code Defenses for AI Tool Infrastructure
  A technical analysis of Model Context Protocol (MCP) security vulnerabilities including CVE-2025-6514 (CVSS 9.6), the Anthropic mcp-server-git RCE chain, and real supply chain incidents. Learn the four MCP threat layers and implement policy-as-code defenses with OPA and Falco.
- Critical Container Registry Security Flaw: How Multi-Architecture Manifests Create Attack Vectors
  A deep dive into the new ContainerHijack attack vector that allows attackers to poison container registries and bypass image scanning. Learn how it works and how to apply immediate policy-based mitigations.
- BREAKING: Massive CI/CD Pipeline Injection Attack Compromises 10,000+ Repositories
  A sophisticated supply chain attack targeting CI/CD pipelines has compromised over 10,000 GitHub repositories. The attack, dubbed 'PipelinePhantom,' exploits a previously unknown vulnerability in how GitHub Actions handles workflow file parsing.