https://securityunlocked.com/tags/supply-chain/Recent content in Supply-Chain on Security UnlockedHugoen-usTue, 21 Apr 2026 00:00:00 +0000https://securityunlocked.com/articles/defenders-under-siege-how-adversaries-turned-security-tools-into-weapons-this-week/Tue, 21 Apr 2026 00:00:00 +0000https://securityunlocked.com/articles/defenders-under-siege-how-adversaries-turned-security-tools-into-weapons-this-week/Three incidents this week reveal the same strategic pattern: attackers turning trusted defensive infrastructure into weapons. Microsoft Defender zero-days, the Trivy scanner compromise that breached the European Commission, and UNC6783’s live-chat social engineering all exploit a cognitive constant: defenders don’t question the tools they depend on.https://securityunlocked.com/briefs/mythos-finds-zero-days.-npm-found-three-more./Sun, 12 Apr 2026 00:00:00 +0000https://securityunlocked.com/briefs/mythos-finds-zero-days.-npm-found-three-more./The same week Anthropic unveiled an AI that autonomously finds zero-days, its own CLI shipped a CVSS 9.8 command injection, exposed by a debugging artifact that had been sitting in an npm package since March 31.https://securityunlocked.com/briefs/trust-is-the-exploit/Mon, 06 Apr 2026 00:00:00 +0000https://securityunlocked.com/briefs/trust-is-the-exploit/From a six-month DPRK social engineering operation to mass exploitation of developer ecosystems, this week’s threat landscape reveals that the most reliable attack surface is the trust we extend by default.