Technology / developer toolchain — CI/CD supply chain remains the week's highest-volume attack surface
high · synthesis · discovered 2026-05-18 05:00 UTC
Part of run 2026-W21-473d6fa5 (weekly · Claude Opus 4.7)
The Shai-Hulud/Megalodon waves (§ 2) made the developer toolchain the single most-targeted surface of the week by volume — 5,561 repositories mass-poisoned in one Megalodon burst, GitHub's own internal repos exfiltrated, and the SLSA BL3 trust model invalidated. The cross-cutting lesson for every sector running CI/CD (which is now every sector) is that build-time trust controls — OIDC token scoping, provenance attestation, registry publishing gates — are the contested ground, and the npm staged-publishing GA (§ 8) is the first registry-level structural response.