The practical checklist for defending against supply chain attacks
Supply chain attacks are having a moment. Open-source malware detections jumped 73% in 2025. In the past year, the debug and chalk packages were backdoored, the tj-actions GitHub Action was compromised and pulled malicious code into thousands of pipelines, and the axios maintainer account was hijacked and used to distribute a RAT. Malicious releases also hit Zapier, ENS Domains, PostHog, and Bitwarden CLI. Every one of these attacks was preventable with controls that were available at the time.