Supply Chain - 1

2026 (1)

January (1)

security: Case study: Securing AI application supply chains

Microsoft Security Blog

2026-01-30

The article argues that securing AI-powered applications requires a holistic supply-chain approach beyond protecting prompts, including monitoring frameworks, SDKs, and orchestration layers, plus enforcing strong runtime controls so security teams can detect, respond to, and remediate risks before exploitation.

2025 (2)

December (1)

security: Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

Microsoft Security Blog

2025-12-09

Shai‑Hulud 2.0 is a large-scale supply chain attack in which adversaries maliciously modified hundreds of public packages to compromise developer environments, CI/CD pipelines, and cloud workloads in order to harvest credentials and configuration secrets. Microsoft published guidance to detect, investigate, and defend against these compromises across development toolchains, build systems, and cloud assets.

September (1)

security: XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Microsoft Security Blog

2025-09-25

Microsoft Threat Intelligence has identified a new variant of the XCSSET malware that targets Xcode projects used by developers building Apple and macOS applications, detailed in a Microsoft Security Blog post.