Tech Frontline
Kenji · 2 min read
Supply Chain Attack Targets NPM Ecosystem: Hundreds of Malicious Packages Bypass Provenance
A hacker group, TeamPCP, stole maintainer accounts to publish over 600 malicious npm packages that bypassed Sigstore verification. The incident highlights major logic vulnerabilities in digital signatures and the broader risks of the open-source supply chain.
