Learn

Learn about software supply chain security and Endor Labs.

Featured resources

Agent Security League: Evaluating the Security of AI-Coded Software
Ebook/Report

Agent Security League: Evaluating the Security of AI-Coded Software

Apr 15, 2026
Ebook/Report

Malware in Open Source Ecosystems

Apr 1, 2026
Blog

Axios compromised: hijacked maintainer account pushes malicious npm versions

Mar 30, 2026
Ebook/Report

A Practitioner’s Guide to Responding to the TeamPCP Supply Chain Attacks

Mar 27, 2026
Show filters
Topic
Medium
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
AI/ML
It's About Thyme: How a Whitespace Character Broke Thymeleaf's Expression Sandbox (CVE-2026-40478)
Blog

It's About Thyme: How a Whitespace Character Broke Thymeleaf's Expression Sandbox (CVE-2026-40478)

Apr 16, 2026
AI/ML
Agent Security League: Evaluating the Security of AI-Coded Software
Ebook/Report

Agent Security League: Evaluating the Security of AI-Coded Software

Apr 15, 2026
AI/ML
Is AI Coding Safe? Introducing the Agent Security League
Blog

Is AI Coding Safe? Introducing the Agent Security League

Apr 15, 2026
Malware
Open Source
Security
The Unkillable C2: How Attackers Are Moving Command and Control to the Blockchain
Blog

The Unkillable C2: How Attackers Are Moving Command and Control to the Blockchain

Apr 13, 2026
Security
News
Open Source
Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987)
Blog

Root in One Request: Marimo's Critical Pre-Auth RCE (CVE-2026-39987)

Apr 9, 2026
Security
Malware
What Security and Engineering Teams Fear Most About Malware
Blog

What Security and Engineering Teams Fear Most About Malware

Apr 8, 2026
No items found.
Ebook/Report

Malware in Open Source Ecosystems

Apr 1, 2026
News
Malware
Security
New research: malware in open source ecosystems surges 14x as attackers hijack trusted packages
Blog

New research: malware in open source ecosystems surges 14x as attackers hijack trusted packages

Apr 1, 2026
Security
Malware
Blog

Axios compromised: hijacked maintainer account pushes malicious npm versions

Mar 30, 2026
Malware
Ebook/Report

A Practitioner’s Guide to Responding to the TeamPCP Supply Chain Attacks

Mar 27, 2026
Malware
Security
Blog

TeamPCP Strikes Again: Telnyx Compromised Three Days After LiteLLM

Mar 27, 2026
CI/CD
Blog

What We Can Learn About GitHub Actions Security from the Trivy Breach

Mar 26, 2026
Opinion
Blog

SolarWinds took a nation-state. The next attack just needs an LLM and $5.

Mar 26, 2026
Malware
Security
Blog

TeamPCP Isn't Done: Threat Actor Behind Trivy and KICS Compromises Now Hits LiteLLM's 95 Million Monthly Downloads on PyPI

Mar 24, 2026
Security
Malware
Blog

CanisterWorm: Malicious npm Packages Deploy Self-Propagating Supply Chain Worm

Mar 21, 2026
AI/ML
Security
AURI: Security Intelligence for Agentic Software Development
Solution Brief

AURI: Security Intelligence for Agentic Software Development

Mar 19, 2026
Malware
Malicious 'Pyronut' Package Backdoors Telegram Bots with Remote Code Execution
Blog

Malicious 'Pyronut' Package Backdoors Telegram Bots with Remote Code Execution

Mar 18, 2026
Security
Malware
Blog

npm is serving malware to 134,000 developers, and the maintainer can’t stop it

Mar 18, 2026
News
Endor Labs + Zscaler: Zero Trust Application Security for the AI Era
Blog

Endor Labs + Zscaler: Zero Trust Application Security for the AI Era

Mar 17, 2026
Opinion
Compliance & SBOM
How the EU Cyber Resilience Act (CRA) rewrites the rules of software liability
Blog

How the EU Cyber Resilience Act (CRA) rewrites the rules of software liability

Mar 13, 2026
Security
Malware
Blog

The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks

Mar 10, 2026

Want to stay in the loop?

Sign up for our newsletter.

Welcome to the resistance
Oops! Something went wrong while submitting the form.