All news with #ai supply chain tag

🛡️ Wing Security outlines how enterprises must evolve defenses to protect the modern AI application supply chain. The article explains that rapid AI sprawl, interapplication integrations, and new data exposure vectors create blind spots traditional controls were not built to handle. By extending its SaaS Security Posture Management foundation, Wing Security offers continuous discovery, real-time monitoring, vendor analytics, and adaptive governance to reduce supply chain, data leakage, and compliance risk.

🔒 A malicious npm package, postmark-mcp, was weaponized to stealthily copy outgoing emails by inserting a hidden BCC in version 1.0.16. The package impersonated an MCP Postmark connector and forwarded every message to an attacker-controlled address, exposing password resets, invoices, and internal correspondence. The backdoor was a single line of code and remained available through regular downloads before the package was removed. Koi Security advises immediate removal, credential rotation, and audits of all MCP connectors.

📣 Cloudflare’s 2025 Founders’ Letter reflects on 15 years of Internet change, highlighting encryption’s rise thanks in part to Universal SSL, slow IPv6 adoption, and the rising costs of scarce IPv4 space. It warns that AI answer engines are shifting value away from traffic-based business models and threatening publishers. Cloudflare previews tools and partnerships — including AI Crawl Control — to help creators control access and negotiate compensation.