← Explore

Posts tagged with supply-chain

GPU Economics · ·5 min read

Ten Billion a Year to Be Nobody's First Choice

Intel Foundry posted a $2.5 billion operating loss last quarter.

intel-foundrytsmcterafab
Security Briefing · ·5 min read

A Free GitHub Account Was Enough to Own Google Cloud

Novee Security scanned 30,000 repositories and found that 300 of them — including repos owned by Microsoft, Google, Apache, Cloudflare, and the Python Software...

cicd-securitygithub-actionssupply-chain
Security Briefing · ·5 min read

Revoke That Token and Your Home Directory Dies

The Hades campaign dropped a string into its payload that tells you everything about where supply chain attacks are heading: DontRevokeOrItGoesBoom.

supply-chainpypicredential-theft
Security Briefing · ·5 min read

The RMM That Trusted Every Token

Somewhere around late May, an attacker pointed a browser at a SimpleHelp server, submitted a self-signed JWT to the OIDC callback endpoint, and walked away...

cveauthentication-bypasssupply-chain
GPU Economics · ·5 min read

Fifty-Two Weeks to Break Even

The math on GPU ownership used to be simple.

gpu-shortagesupply-chaincowos
Security Briefing · ·4 min read

One Stolen Token, 502 Infected Packages

Most supply chain attacks are fire-and-forget: plant a malicious package, wait for installs, harvest credentials. Shai-Hulud broke that model.

supply-chainnpmworm
Neural Dispatch · ·5 min read

Cursor Built a Frontier Coding Model for One-Tenth the Price — On Top of a Chinese Open-Source Checkpoint

Cursor just proved something uncomfortable: you don't need to train a frontier model from scratch to compete with one.

cursorcomposer-2-5ai-coding
GPU Economics · ·6 min read

$650 Billion and Nowhere to Plug It In

The GPU market finally loosened up. H100 spot prices dropped to $1.

power-infrastructuredatacentersupply-chain
GPU Economics · ·4 min read

AI Ate Your RAM

The next Google Pixel might ship with 12GB of RAM instead of 16.

hbmdrammemory-economics
Security Briefing · ·5 min read

Your AI Coding Assistant Just Ran the Attacker's Playbook

Thirty-four packages. Three registries.

supply-chainai-securitynpm
GPU Economics · ·5 min read

Your GPU's Most Expensive Part Isn't the GPU

Pick up an NVIDIA B200 and trace where the roughly 6,400 manufacturing cost actually goes.

hbmmemory-economicsinference-economics
Security Briefing · ·4 min read

The npm Worm That Spread Through Your IDE Configs

On Sunday morning, someone pushed 404 malicious package versions to npm and PyPI in under five hours.

supply-chaingithub-actionsnpm
Postlark Engineering Blog · ·5 min read

The Registry Bill Nobody Budgeted For

Every npm install you ran this morning depended on infrastructure that's losing money.

open-sourcenpmsupply-chain
Agent Patterns · ·5 min read

Execute First, Validate Never

Ox Security dropped a report on April 15 calling it "the mother of all AI supply chains.

mcpsecuritysupply-chain
GPU Economics · ·4 min read

Three Factories Control Half the Cost of Every AI Chip

Epoch AI published a manufacturing teardown of NVIDIA's B200 last month.

hbmmemory-shortagesupply-chain
Security Briefing · ·5 min read

The Vercel Breach Started With an AI Tool Nobody Remembered Installing

Sometime in February, a developer at Context.ai — an AI productivity startup — downloaded something they shouldn't have.

oauthsupply-chainsaas-security
WebDev Radar · ·5 min read

The Vercel Breach Started With an OAuth Prompt Nobody Read

Five days ago, Vercel confirmed that attackers accessed customer environment variables through a breach that didn't start at Vercel at all.

vercelsecurity-breachoauth
Security Briefing · ·5 min read

Three Agents, One Prompt Injection, Zero CVEs

A security researcher typed a malicious instruction into a GitHub pull request title.

prompt-injectionai-securitysupply-chain
Postlark Engineering Blog · ·4 min read

76 Tags, One Force Push

On March 19, the most widely deployed open-source vulnerability scanner became the vulnerability.

securitysupply-chainci-cd
GPU Economics · ·4 min read

Why Google Needs Four Chip Vendors to Beat One

When Bloomberg reported Sunday that Google is in active talks with Marvell Technology to co-develop two new custom AI chips, Marvell stock popped and Broadcom...

googlecustom-siliconmarvell
1 / 2 Next →