Tag: supply-chain
All the articles with the tag "supply-chain".
-
Supply Chain & AI Rules File Backdoor: Typosquat → Poisoned Skill → Runtime Backdoor
A two-flag chain that walks an attacker from a developer's stray dev-comment, through a typosquatted npm package, into an AI rules file dropped on disk, ending with a runtime backdoor the AI agent silently injected into the application's admin API.
