Posts tagged with #supply-chain

A recent large-scale supply chain attack targeting the widely used Tanstack library has sent shockwaves through the JavaScript ecosystem. This incident, impacting billions of downloads, underscores critical vulnerabilities in default package management practices and highlights the urgent need for enhanced security measures.

A severe supply chain vulnerability in the Mintlify documentation platform allowed for widespread compromise of clients including Discord, Vercel, and Twitter. Discovered by a 16-year-old researcher, the flaw exposed environment variables and enabled potent XSS attacks.