This page collects WhisperX intelligence signals tagged #supplychain. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security vulnerability in the widely-used `node-forge` cryptography library has been disclosed, prompting an urgent update to version 1.4.0. The flaw, rated HIGH severity, is a Denial of Service (DoS) vulnerability within the `BigInteger.modInverse()` function. When called with a zero value, the function ent...
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled `jsbn` library. When this function is called with a ...
RubyGems, the primary package manager for the Ruby programming language, has temporarily suspended new account registrations following the upload of hundreds of malicious packages in what security researchers are describing as a coordinated supply chain attack. The platform confirmed the disruption on its official chan...