惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
WordPress大学
WordPress大学
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
IT之家
IT之家
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
美团技术团队
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
Martin Fowler
Martin Fowler
Recorded Future
Recorded Future
H
Help Net Security
aimingoo的专栏
aimingoo的专栏
Y
Y Combinator Blog
博客园_首页
A
About on SuperTechFans
MongoDB | Blog
MongoDB | Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
D
DataBreaches.Net
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
B
Blog
The Register - Security
The Register - Security
I
InfoQ
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
雷峰网
雷峰网
Last Week in AI
Last Week in AI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
Stack Overflow Blog
Stack Overflow Blog
Jina AI
Jina AI
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News - Newest:
Hacker News - Newest: "LLM"
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Latest news
Latest news
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
博客园 - Franky
Recent Commits to openclaw:main
Recent Commits to openclaw:main
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO

Risky Business Media

Srsly Risky Biz: Ransomware uses AI to amp up negotiations Fortibleed: The bleeding edge of AI cybercrime Between Two Nerds: Exploits are not cyber power What to do 'til the bugpocalypse gets here Risky Bulletin: NSA Tailored Access Operations is back Sponsored: Why Sublime doesn’t toss AI at every email Srsly Risky Biz: US Supreme Court undermines Section 702 intel Risky Bulletin: DHS IG investigates forced CISA reassignments Soap Box: Using threat hunting to drive detection Between Two Nerds: Why AI has not meant more hacks. Yet. Risky Bulletin: EU official’s phone infected with Pegasus Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices Srsly Risky Biz: America won't beat the distillation ecosystem Risky Bulletin: Researcher drops giant cache of zero-days Risky Business #844 -- China closes AI vulndev gap as USA lifts Fable ban Mythos on your desk? Using local LLMs for code reviews Between Two Nerds: Set cyberspace ablaze Risky Bulletin: White House asks OpenAI to restrict GPT 5.6 Sponsored: Corelight’s blueprint for AI-era defence Risky Bulletin: Operation Endgame dismantles Amadey and StealerC Srsly Risky Biz: Open weight models make the Mythos debate moot Risky Bulletin: FortiBleed hacks involved a lot of traffic sniffing Risky Business #843 -- Fortibleed is kinda awesome, actually Pitching security startups to VCs in the AI era Sponsored: Trail of Bits and OpenAI patch the planet Between Two Nerds: The PRC vs AI Risky Bulletin: Klue breach impacts security firms How using open weight models can blow up in your face Risky Bulletin: Creds for 74,000 Fortinet devices leaked Srsly Risky Biz: Anthropic has artificial, but not emotional, intelligence Risky Bulletin: China arrests Silver Fox cybercrime group suspects Risky Business #842 -- Anthropic needs an adult in the C suite The state of the art in AI model jailbreaks Between Two Nerds: Why NATO and cyber don't mix Risky Bulletin: Arch Linux supply chain attack hits 1,900 packages Sponsored: Ent on using AI to track human behavior on the endpoint Why NPM v12 won’t stop supply chain attacks Risky Bulletin: CISA tightens patching rules amid bug deluge Sponsored: Understanding CI/CD attack paths Srsly Risky Biz: Europe wants to wean itself off US tech Risky Bulletin: Nightmare Eclipse drops fresh 0day Risky Business #841 -- Microsoft gets owned and 0day'd Between Two Nerds: Nerds at NATO Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks Everything is getting much worse, much faster Soap Box: Detection and response in the AI age Risky Bulletin: EU unveils digital sovereignty plan Srsly Risky Biz: NATO's cyber approach needs to change Risky Bulletin: FSB calls out Western spyware operation Risky Business #840 -- Microsoft walks back researcher threats Solo podcast: A deep dive on TeamPCP Between Two Nerds: The intelligence cult Risky Bulletin: Recently patched PAN 0day exploited in the wild Sponsored: Inside CISA's disastrous secrets leak Risky Bulletin: Dutch police take down 17m device botnet Risky Bulletin: Iran to reconnect to the Internet Risky Business #839 -- TeamPCP stole GitHub's internal repos Risky Bulletin: Mythos has found thousands of critical bugs Sponsored: Teaching AI agents the rules of the road Risky Bulletin: Microsoft ends SMS MFA for personal accounts How the CopyFail disclosure went sideways Risky Business #838 -- GitHub investigates possible breach
How to survive supply chain attacks
James Wilson · 2026-05-25 · via Risky Business Media

Risky Business Features Podcast

May 25, 2026

Presented by

James Wilson

James Wilson

Technology Editor

In this podcast James Wilson chats with Brad Arkin about why software supply chain attacks have gone from rare, once-in-a-while disasters to an operational problem affecting mainstream enterprises almost daily.

AI has made attackers faster, and “vibe coding” means the number of environments pulling packages from the internet has gone to the moon. It also means legacy tooling that seeks out the bad packages and cleans them up isn’t enough. Package cooldown windows won’t fix this either.

But all hope is not lost! Tune in to this podcast to find out how you can get a grip on the disaster de jour!

Your browser does not support the audio element.

How to survive supply chain attacks

0:00 / 36:51

Logo