CuraSec

tag: Supply-Chain · 3 items

  • Engineer — Skip
  • SOC/IR — Skip
  • Leader — Plan: If your org uses DeepSeek or any of the flagged firms, assess vendor risk now before a formal blacklist forces an abrupt cutover; track regulatory status this quarter to avoid a rushed transition.
2026-07-10 · Krebs on Security · source ↗ #vendor-risk#supply-chain#threat-intel
  • Engineer — Skip
  • SOC/IR — Learn: Highlights the risk of sourcing threat intel or vulnerability data from unvetted offensive security vendors; useful context when evaluating new tool or feed vendors.
  • Leader — Plan: Review any vendor relationships or zero-day acquisition programs for due-diligence gaps; this case illustrates how fraudulent operators can enter the security supply chain under assumed identities.
2026-07-10 · GitHub Trending · source ↗ #ai-security#supply-chain#provenance
  • Engineer — Learn: Tracks agent prompts behind commits and adds signed provenance attestations — worth evaluating if your team uses AI coding agents, but no active threat requiring immediate action.
  • SOC/IR — Skip
  • Leader — Learn: Addresses AI agent auditability and DLP exposure in code pipelines — useful context for building a policy around AI-assisted development before it becomes a control gap.