https://securityunlocked.com/tags/slsa/Recent content in Slsa on Security UnlockedHugoen-usMon, 08 Jun 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-registry-trusted-the-token/Mon, 08 Jun 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/the-registry-trusted-the-token/GitHub OIDC trusted-publishing solved the stored-credential problem and created a new attack surface in the same motion: three independent actors exploited it in a single week, producing malicious packages carrying valid provenance attestations.