» Tag
supply-chain-security
4 posts6–Jul 12, 2026
New Attack Class: Agent Data Injection (ADI) in AI Agents
Researchers uncovered a new attack class that tricks AI agents via fake trusted metadata, exposing critical vulnerabilities in Claude, Codex, and Gemini CLI agents.
ai-securityprompt-injectionllm-agentscybersecurityResearchers Uncover Git Hash Chain Malleability in Signed Commits
New research shows signed Git commit hashes can be altered while keeping a valid signature and GitHub's Verified badge, undermining commit integrity assumptions.
gitcryptographysupply-chain-securityecdsaCursor and OpenVSX face extension hijacking risk
Trendyol's security team uncovered a live namespace-squatting attack abusing OpenVSX to hijack extensions in Cursor, VSCodium, Windsurf and other VS Code forks.
supply-chain-securityopenvsxcursorvscodeBağımlılıklar Neden Doğrudan VCS'den Çekilmeli: Go vs RubyGems
Go modüllerinin VCS tabanlı bağımlılık modeli ile RubyGems/npm'in paket yayınlama modeli karşılaştırılıyor; tedarik zinciri güvenliği ve denetim kolaylığı ele alınıyor.
dependency-managementsupply-chain-securitygoruby