InfoQ - Software Supply Chain - News https://www.infoq.com InfoQ Software Supply Chain News feed Leading Open Source Author Calls for Verification over Trust in Software Supply Chains https://www.infoq.com/news/2026/05/stenberg-curl-verification-trust/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Software+Supply+Chain-news <img src="https://res.infoq.com/news/2026/05/stenberg-curl-verification-trust/en/headerimage/generatedHeaderImage-1777409230642.jpg"/><p>In a blog post published in March 2026, Daniel Stenberg, creator and lead developer of curl, makes the case that the software industry's default position of trusting well-known components is no longer adequate. Stenberg argues that users and organisations should actively verify the software they consume, and he uses curl's own practices as a concrete example of how that can be done.</p> <i>By Matt Saunders</i> Software Supply Chain Verification Dependency Management DevOps Culture & Methods news Thu, 07 May 2026 07:00:00 GMT https://www.infoq.com/news/2026/05/stenberg-curl-verification-trust/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Software+Supply+Chain-news Matt Saunders 2026-05-07T07:00:00Z /news/2026/05/stenberg-curl-verification-trust/en Attacker Bought 30 WordPress Plugins on Flippa and Backdoored All of Them https://www.infoq.com/news/2026/05/wordpress-plugins-supply-chain/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Software+Supply+Chain-news <img src="https://res.infoq.com/news/2026/05/wordpress-plugins-supply-chain/en/headerimage/generatedHeaderImage-1777874069748.jpg"/><p>An attacker purchased 30+ WordPress plugins on Flippa for six figures, planted a PHP deserialization backdoor in the first commit, and waited eight months before activating it across 400,000 installations. The attack used Ethereum smart contracts to resolve C2. WordPress.org has no mechanism for reviewing plugin ownership transfers, a gap that npm and PyPI addressed years ago.</p> <i>By Steef-Jan Wiggers</i> Security Vulnerabilities Application Security Software Supply Chain Dependency Management Development Architecture & Design news Wed, 06 May 2026 10:00:00 GMT https://www.infoq.com/news/2026/05/wordpress-plugins-supply-chain/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Software+Supply+Chain-news Steef-Jan Wiggers 2026-05-06T10:00:00Z /news/2026/05/wordpress-plugins-supply-chain/en