logo
Product
Product
About Us
Resources
Resources
Contact Us
SBOM, CBOM, and AIBOM: The New Visibility Layer Every Security and Compliance Program Needs

SBOM, CBOM, and AIBOM: The New Visibility Layer Every Security and Compliance Program Needs

Understand why SBOM, CBOM, and AIBOM are essential visibility layers for modern security and compliance programs.

Jun 09, 2026 • 15:00 UTC

Shai-Hulud Strikes the TanStack Ecosystem: 160+ NPM Packages Compromised
Shai-Hulud Strikes the TanStack Ecosystem: 160+ NPM Packages Compromised

A supply chain attack compromised 160+ NPM packages in the TanStack ecosystem through dependency confusion.

May 13, 2026 • 11:00 UTC

Your CI/CD Pipeline Is a Breach Waiting to Happen
Your CI/CD Pipeline Is a Breach Waiting to Happen

Attackers backdoored element-data 0.23.3 via a GitHub Actions flaw, exposing cloud keys and API tokens.

May 01, 2026 • 10:00 UTC

Poisoning the Well element-data
Poisoning the Well element-data

Analysis of the element-data supply chain poisoning attack targeting npm packages.

Apr 28, 2026 • 13:00 UTC

The Worm That Breeds Through Your Code
The Worm That Breeds Through Your Code

A self-replicating supply chain worm that propagates through developer dependencies.

Apr 24, 2026 • 05:00 UTC

Marimo RCE Flaw Weaponized in 10 Hours
Marimo RCE Flaw Weaponized in 10 Hours

A zero-authentication terminal WebSocket vulnerability in Marimo was weaponized within 10 hours of disclosure.

Apr 10, 2026 • 03:00 UTC

When Trust Becomes a Weapon: Axios npm Supply Chain Attack
When Trust Becomes a Weapon: Axios npm Supply Chain Attack

A precision attack against the npm ecosystem hijacked the Axios maintainer account and published poisoned versions reaching 100M+ weekly downloads.

Apr 01, 2026 • 00:21 UTC

THE NEED FOR TRUE SHIFT LEFT SECURITY
THE NEED FOR TRUE SHIFT LEFT SECURITY

Why organizations need to adopt true shift-left security practices in their development lifecycle.

Nov 13, 2025 • 08:30 UTC

Typosquatting Attack on Rust Crate: fast_log
Typosquatting Attack on Rust Crate: fast_log

Analysis of a typosquatting attack targeting the Rust crate ecosystem through a malicious fast_log package.

Sep 25, 2025 • 11:00 UTC

Supply Chain Attack on @ctrl/tinycolor and 180+ NPM Packages
Supply Chain Attack on @ctrl/tinycolor and 180+ NPM Packages

A coordinated supply chain attack compromised @ctrl/tinycolor and over 180 NPM packages.

Sep 16, 2025 • 10:30 UTC

The eslint-config-prettier Supply Chain Attack
The eslint-config-prettier Supply Chain Attack

Analysis of the eslint-config-prettier supply chain attack that compromised npm packages.

Jul 23, 2025 • 04:00 UTC

Company
  • About Us
  • Case Studies
  • Blog
  • Contact Us
  • Terms of Use
  • Privacy Policy
Resources
  • Comprehensive Security Coverage
  • SBOM
  • SCA
  • Secrets
  • SAST
  • Solutions
Platform
  • Commit Analysis
  • Compliance
logo
Flyingduck's platform detects vulnerabilities right from the feature development stage.

Follow us on

Flyingduck Cyber Security LinkedIn Page
©2026 FlyingduckCopyright All Rights Reserved
©2026 FlyingduckCopyright All Rights Reserved