Slopsquatting, worms, repojacking, ghost releases — another week in the running battle between FOSS maintainers and increasingly sophisticated supply chain attackers. On May 12 (1pm ET) I’m hosting a Chainguard webinar on takeaways from the recent wave (Trivy, LiteLLM, Axios), focused on the mechanisms rather than the incident specifics because these attacks are going to be old news soon, but the mechanisms will probably be repeated.
Takeaways from Major Software Supply Chain Attacks
Chainguard webinar — May 12, 2026, 1pm ET