It's time to treat browser extensions like supply chain attack vectors
The Vercel breach followed a pattern the security industry knows well, where third-party code is implicitly trusted, then compromised upstream. We have a framework for that. We just haven't applied…
Read the full articleYou might also wanna read
Inside real supply chain attacks: Bitwarden CLI, Axios, and Vercel
Why breach your network when attackers can compromise a trusted dependency with millions of downloads and slip silently into thousands of or
Vercel Security Breach: OAuth Supply Chain Attack Exposes Platform Environment Variable Risks
An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional de
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the cr
Vercel Discloses Security Breach as Hackers Claim to Sell Stolen Data
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempt
JavaScript Community Faces Reckoning After Major Supply-Chain Attack
In the wake of the largest supply-chain attack in history, the JavaScript community could have a moment of reckoning and decide: never again

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at

Comments
Sign in to join the conversation.
No comments yet. Be the first.