Spotted in @TheEconomist 🤩
The same models helping you write code are helping attackers exploit it. The only option is to start secure.
Build for the moment. Build with the trusted source for open source.
On June 3, 2026, attackers compromised 286 versions across 57 npm projects, totaling more than 500K monthly downloads. This is the latest wave of the Shai-Hulud/Miasma attack campaign that began in September 2025. Chainguard customers were not affected.
chainguard.dev/unchained/cha…
The biggest hot take from today at DevOpsCon San Diego came during an incredible opening presentation! 🤯
Manfred Moser from @chainguard_dev challenged the entire room to answer a burning question.
He broke down how AI-supported development tools are scaling supply chain risks and multiplying security exploits across open-source libraries.
An absolute masterclass on why robust DevOps pipelines and configuration processes are more critical now than ever before! 🎤
🎟️ Missed out on today's action? Grab your spot for the next one:
🏙️ New York Details:
New York Marriott at The Brooklyn Bridge | Sep 28 - Oct 2, 2026
🔗 devopscon.io/new-york/progra…
🇩🇪 Munich Details:
Holiday Inn Munich – City Centre | Nov 30 – Dec 4, 2026
🔗 devopscon.io/munich/program-… #DevOpsCon #SupplyChainSecurity #AIOps #SoftwareEngineering
S/o to the ~good~ KEVs 👋
And for the bad ones, Chainguard will remediate them within 24 hours — the only one in the industry with this SLA.
We’ll worry about the bad ones, so you can enjoy the good ones 😁
Over the past 6 days, a threat actor compromised four npm accounts (mr.4nd3r50n, pik-libs, t-in-one, emcd-vue), publishing 180 malicious npm packages targeting financial and cloud infrastructure. Chainguard customers were not affected.
Get the details: chainguard.dev/solutions/ai-…
Chainguard customers are unaffected by today’s wave of Mini Shai-Hulud, which impacts 32 redhat-cloud-services projects and 90 versions.
Get the details: chainguard.dev/unchained/cha…
Assemble New York sold out. Now we're taking it to London! 🇬🇧
Join us in October to hear from the security engineering leaders defining secure development, catch the latest product announcements, and get hands-on with workshops.
Save your spot ➡️ chainguard.dev/assemble-lond…
Helloooo, New York City! 🗽
Last night we celebrated the opening of our first office with the people who make this work: customers, partners, and the very best team.
We can't wait to see what we build here! Join us: chainguard.dev/careers#open-…
AI models like Mythos can find hundreds of vulnerabilities overnight — across thousands of projects with one maintainer and no obligation to patch anything. We're not ready for that.
More on the hardest fork yet: chainguard.dev/unchained/the…
Thrilled to be recognized in @Redpoint's 2026 InfraRed 100 list, highlighting 100 of the most promising private companies in AI infrastructure.
Congratulations to all the companies featured this year!
Chainguard Containers are unaffected by an attack on the Laravel Lang PHP project. Attackers injected credential harvesting malware into 700 versions across four projects overnight. Learn more: chainguard.dev/solutions/ai-…
How to not get pwnd in 2026, an acrostic ✍
P - Proactively minimize your attack surface
W - Write off public registries as a safe source
N - Never assume a clean CVE scan means you're safe
D - Do use Chainguard, the trusted source for open source
314 npm packages compromised in 22 minutes this morning. echarts-for-react, timeago.js, the entire AntV suite.
Chainguard customers were not affected.
Full breakdown IOCs: chainguard.dev/unchained/min…
🚀 New integration: Chainguard @EndorLabs
Together, we replace the patching treadmill with a verified chain of trust from build to runtime.
Check out our new partnership here: chainguard.dev/unchained/bui…
node-ipc was compromised today. 3 malicious versions hit npm targeting 500k weekly downloads.
The payload steals AWS, GCP, Azure, SSH, kubeconfig, GitHub tokens, and AI API keys.
Chainguard customers were not affected. Details here: bit.ly/4ww7DS8
Mini Shai-Hulud: attackers exploited pull_request_target workflows in TanStack's GitHub repo to inject malware into 84 versions across 42 packages, all with the same provenance as legitimate releases. Chainguard customers were not impacted: bit.ly/3RE2Eij
Linky's Top 5 Horror Movies 🐙 😱
1. "We'll fix it in the next sprint"
2. The image with 847 CVEs running in prod
3. The dependency that hasn't been maintained since 2019
4. AI agents running wild without Chainguard
5. Scan and patch security
Chainguard Containers now supports 1st Party RPM compatibility for RHEL 9 and RHEL 10, and we're joining FINOS 🎉
Here's what it means for financial services: bit.ly/4nmQA0Z