my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #devsecops

The 48-Hour Secrets Sprint: How Three Registries Were Swept in One Weekend

John Z Black Apr 23, 2026

Threat Intelligence #supply-chain #npm #pypi #teampcp #xinference #canisterworm #checkmarx-kics #secrets-theft #devsecops

A coordinated 48-hour sprint hit npm, PyPI, and Docker Hub, targeting developer secrets at scale. From infected AI libraries to a trojanized security scanner, the supply chain is moving faster than your detection.

Read More

The CI/CD Supply Chain Crisis: Poisoning the Well at the Source

John Z Black Apr 22, 2026

Vulnerabilities & Patching #cicd #supply-chain #bamboo #gitlab #spinnaker #rce #devsecops

Attackers are ignoring the database and going for the person writing the code. Bamboo, GitLab, and Spinnaker are facing critical flaws that turn your build tools into weapons.

Read More

Your Security Scanner Was the Weapon: How the Trivy Supply Chain Attack Worked

John Z Black Mar 31, 2026

Threat Intelligence #trivy #supply-chain #github-actions #cicd #aqua-security #devsecops #secrets #sha-pinning #software-supply-chain

Read More

GitHub Is Becoming a Minefield for Developers. Most of Them Have No Idea.

John Z Black Mar 28, 2026

Threat Intelligence #github #supply-chain #developers #vscode #open-vsx #fake-stars #malware #devsecops

Three simultaneous attacks on GitHub's trust signals -- fake stars, weaponized security alerts, and a scanning bug that let 72 malicious extensions slip through -- show the reputation infrastructure developers rely on is broken.

Read More

The Toolchain Turned Hostile: Trivy and Langflow Show Security Pipeline Fragility

John Z Black Mar 21, 2026

Vulnerabilities & Patching #supply-chain #trivy #langflow #ci-cd #github-actions #ai-security #devsecops #gsocket

A compromised Trivy vulnerability scanner and an AI pipeline builder exploited within 20 hours of disclosure reveal a deepening problem: the tools developers trust for security are becoming high-value attack targets.

Read More

Developer Supply Chains Under Coordinated Assault: 88 Malicious npm Packages and a CVSS 9.8 in simple-git

John Z Black Mar 12, 2026

Developer Security #npm #supply-chain #developer-security #phantomraven #simple-git #ci-cd #aws #devsecops

PhantomRaven dropped 88 malicious npm packages targeting AWS credentials and CI secrets. A critical RCE in simple-git threatens millions of dev environments. Your developer toolchain is a target.

Read More