📰 Dev.to · Toni Antunovic
Articles from Dev.to · Toni Antunovic · 3 articles · Updated every 3 hours

Dev.to · Toni Antunovic
4d ago
When Your Security Scanner Becomes the Weapon: Lessons from the Trivy Supply Chain Attack
The TeamPCP group hijacked 75 tags of trivy-action on GitHub, turning every CI/CD pipeline that called Trivy into a silent credentials exfiltration machine. Her

Dev.to · Toni Antunovic
1w ago
npm Provenance and SLSA: The Supply Chain Hygiene Baseline Every Team Needs in 2026
The Axios supply chain attack exposed a critical gap: provenance attestations existed but a legacy token bypassed them entirely. Here is how to close that gap w

Dev.to · Toni Antunovic
1w ago
MCP Connector Poisoning: How Compromised npm Packages Hijack Your AI Agent
The axios npm supply chain attack of March 2026 deployed a RAT through AI coding agents autonomously running npm install. Learn how MCP connector poisoning work
DeepCamp AI