---
title: "Software Supply Chain Security: June 2026 Roundup"
description: "Discover the most impactful software supply chain security incidents and industry updates from June 2026. Nigel Douglas breaks down the developments across JavaScript, Python, PHP, Rust and more."
canonical_url: "https://cloudsmith.com/blog/cloud-native-digest-june-2026"
last_updated: "2026-07-02T09:53:13.604Z"
---
# Software Supply Chain Security: June 2026 Roundup

**The Cloud-Native Digest is a monthly roundup on all things cloud native, artifact management, and supply chain security from Cloudsmith's Head of Developer Relations, Nigel Douglas.**



June has been an exciting month for software devs. We’ve witnessed mind-boggling consolidation in the AI space (SpaceX buying Cursor for a casual $60B?!) and major security overhauls coming to `npm` and `Packagist`, while sadly more of the same AI-fuelled supply chain worms like `Miasma` (`Shai-Hulud`) are still targeting dev environments.

As malicious payloads get faster and smarter, the industry is fighting back with coordinated, ecosystem-wide infrastructure defences like the `Akrites` and `Athena` coalitions. The line between writing code and defending it has officially vanished. Shared tooling like `Scrutineer` and Nvidia’s `SkillSpector` is helping devs address the security burdens introduced by AI.

You’ll want to grab a coffee. There’s a lot to unpack in this month’s newsletter.



_Enjoying the updates? See where your own defences stand with our Free Artifact Security Maturity Assessment at the bottom of this edition!_



### **Supply Chain Security in June**



**Safer pull request target defaults for GitHub Actions checkout  
Date:** 18th June

GitHub is updating `actions/checkout` (starting with v7 and backporting to existing major versions on July 16th) to automatically block insecure checkout patterns from fork pull requests during highly privileged `pull_request_target` and `workflow_run` events. This change directly addresses dangerous "pwn request" vulns, where unreviewed code from forks could otherwise execute with full access to your repository's secrets and tokens. While same-repo PRs are unaffected and an explicit `allow-unsafe-pr-checkout` escape hatch exists for workflows that genuinely require this behaviour, devs are still urged to review their workflows, as workflows pinned to floating tags will automatically inherit this strict security enforcement.

**Source:** [https://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout](https://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout)
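To find affected workflows before the backport lands, here is an added example (not code from GitHub or the `actions/checkout` project): an audit that flags workflows combining a privileged trigger with a checkout of a fork-controlled ref. The line-based matching, the list of ref expressions and the sample workflows are assumptions constructed for illustration; a production audit should use a real YAML parser.

```python
import re
import sys
from pathlib import Path

# Events that run with the base repository's secrets and token.
PRIVILEGED_TRIGGERS = ("pull_request_target", "workflow_run")
# Expressions that resolve to code chosen by the PR author (heuristic list).
FORK_REF = re.compile(
    r"github\.event\.pull_request\.head\.(sha|ref)"
    r"|github\.event\.workflow_run\.head_(sha|branch)"
    r"|github\.head_ref|refs/pull/"
)
STEP_START = re.compile(r"^\s*-\s+(name|uses|id|if|run|with|env)\s*:")

def privileged_triggers(text):
    """Return privileged event names declared under the top-level `on:` key."""
    found, in_on = set(), False
    for line in text.splitlines():
        code = line.split("#", 1)[0].rstrip()
        if not code:
            continue
        if not code[0].isspace():  # a top-level key opens or closes the `on:` block
            in_on = re.match(r"""["']?on["']?\s*:""", code) is not None
        if in_on:
            found.update(t for t in PRIVILEGED_TRIGGERS
                         if re.search(rf"(?<![\w.]){t}(?![\w.])", code))
    return found

def checkout_steps(text):
    """Yield (first_line_number, step_text) for steps that use actions/checkout."""
    steps = []
    for no, line in enumerate(text.splitlines(), 1):
        if STEP_START.match(line):
            steps.append((no, []))
        if steps:
            steps[-1][1].append(line)  # lines belong to the most recent step
    for no, lines in steps:
        body = "\n".join(lines)
        if re.search(r"uses:\s*actions/checkout@", body):
            yield no, body

def audit(name, text):
    """Flag checkouts of fork-controlled refs in privileged workflows."""
    triggers = privileged_triggers(text)
    findings = []
    if not triggers:
        return findings
    for no, body in checkout_steps(text):
        ref = re.search(r"^\s*ref:\s*(.+)$", body, re.M)
        if ref and FORK_REF.search(ref.group(1)):
            findings.append({
                "file": name, "line": no, "triggers": sorted(triggers),
                "ref": ref.group(1).strip(),
                # Only records that the escape hatch is named in the step.
                "escape_hatch": "allow-unsafe-pr-checkout" in body,
            })
    return findings

def audit_tree(root="."):
    """Audit every workflow file under <root>/.github/workflows."""
    findings = []
    for path in sorted((Path(root) / ".github" / "workflows").glob("*.y*ml")):
        findings += audit(str(path), path.read_text(encoding="utf-8"))
    return findings

# Constructed sample workflows (not taken from any real repository).
UNSAFE = """\
name: pr-build
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""
# Same workflow without the fork ref, and the same checkout under an unprivileged trigger.
SAFE = UNSAFE.replace("ref: ${{ github.event.pull_request.head.sha }}", "fetch-depth: 1")
UNPRIVILEGED = UNSAFE.replace("pull_request_target:", "pull_request:")

if __name__ == "__main__":
    for label, sample in (("unsafe", UNSAFE), ("safe", SAFE), ("ci", UNPRIVILEGED)):
        print(label, audit(label + ".yml", sample))
    for finding in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Pass a repository root as the first argument to audit its `.github/workflows` directory; each finding is a step to review, not proof of exploitability.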



  
**Inside the Mastra npm supply chain attack  
Date:** 17th June

Attackers compromised the popular Mastra AI development framework by using a former contributor's hijacked `npm` credentials to inject a malicious dependency (`easy-day-js`) across 144 ecosystem packages. The attackers used a typosquatted clone and an obfuscated `postinstall` script to deploy a highly evasive, self-deleting payload that bypassed traditional detection and exploited unenforced `npm` provenance policies.

**Source:** [https://cloudsmith.com/blog/inside-the-mastra-npm-supply-chain-attack](https://cloudsmith.com/blog/inside-the-mastra-npm-supply-chain-attack)



  
**Shai-Hulud copycat campaign targets Python devs  
Date:** 9th June

The security researchers at GitLab discovered a malicious PyPI supply chain campaign by the account **elitexp** that deployed the open-source Shai-Hulud worm against Python developers. The attack used 4 typosquatted packages impersonating popular libraries (`Flask`, `Requests`, and `NumPy`) alongside a weaponised legitimate project, `mflux-streamlit`, executing a stealthy, obfuscated JavaScript payload automatically at install time via Python's `.pth` file mechanism. Once active, the self-propagating worm harvests credentials across all major cloud providers and CI/CD platforms, while automatically injecting malicious files into accessible repositories and publishing poisoned updates to expand its reach.

**Source:** [https://about.gitlab.com/blog/shai-hulud-copycat-campaign-targets-python-developers](https://about.gitlab.com/blog/shai-hulud-copycat-campaign-targets-python-developers)
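The `.pth` mechanism matters to defenders because Python's `site` module executes any `.pth` line that begins with `import` at every interpreter start. As an added example (not from GitLab's write-up), this scanner lists those executable lines in the active environment and marks the ones worth a closer look; the marker regex, the length threshold and the demo files are assumptions constructed for illustration.

```python
import re
import site
import tempfile
from pathlib import Path

# Heuristic markers chosen for this example (an assumption, not a vetted rule set).
SUSPICIOUS = re.compile(
    r"\b(exec|eval)\s*\(|\b(base64|subprocess|socket|urllib|marshal|zlib)\b|os\.system"
)
MAX_BENIGN_LENGTH = 300  # assumption: path hooks are short, packed payloads are not


def executable_lines(pth_file):
    """Return (line_number, text) for the lines site.py would pass to exec()."""
    text = Path(pth_file).read_text(encoding="utf-8", errors="replace")
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        # site.addpackage() executes lines starting with "import " or "import\t";
        # every other non-comment line is only added to sys.path.
        if line.startswith(("import ", "import\t")):
            found.append((no, line))
    return found


def scan_dir(directory):
    """Scan one site directory and describe every executable .pth line in it."""
    findings = []
    for pth in sorted(Path(directory).glob("*.pth")):
        for no, line in executable_lines(pth):
            findings.append({
                "file": pth.name,
                "line": no,
                "suspicious": bool(SUSPICIOUS.search(line)) or len(line) > MAX_BENIGN_LENGTH,
                "preview": line[:80],
            })
    return findings


def site_dirs():
    """Directories whose .pth files the running interpreter processes at startup."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return [d for d in dirs if Path(d).is_dir()]


def demo():
    """Scan a throwaway directory of constructed .pth files (never executed)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "vendor_paths.pth").write_text("# plain path entries\n./vendor\n")
        (d / "editable_demo.pth").write_text("import demo_finder; demo_finder.install()\n")
        # The encoded string decodes to the no-op statement "pass".
        (d / "zz_hook.pth").write_text(
            "./lib\nimport base64; exec(base64.b64decode('cGFzcw=='))\n")
        return scan_dir(d)


if __name__ == "__main__":
    for directory in site_dirs():
        for finding in scan_dir(directory):
            flag = "REVIEW" if finding["suspicious"] else "ok"
            print(f"[{flag}] {directory}/{finding['file']}:{finding['line']} "
                  f"{finding['preview']}")
```

Unflagged executable lines are expected from editable installs and packaging tools; the useful signal is a new `.pth` file, or a flagged line, appearing after an install.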



  
**The Miasma worm's path of destruction  
Date:** 8th June

This self-replicating malware strain, rooted in the TeamPCP threat group, has triggered a massive open-source supply chain disaster by infiltrating Red Hat's `npm` namespace and compromising 73 Microsoft GitHub repositories (including core **Azure** and **Durable Task** tools). By hijacking legitimate dev credentials to acquire OIDC tokens and valid SLSA provenance attestations, the worm routinely bypassed conventional security scanners and used uniquely encrypted payloads to evade hash-based detection. Designed to weaponise popular AI coding tools like Claude Code, Miasma automatically executed when infected repos were opened, specifically targeting dev endpoints and CI/CD runners to scrape high-value cloud identities and registry credentials.

**Source:** [https://cloudsmith.com/blog/miasma-worms-path-of-destruction](https://cloudsmith.com/blog/miasma-worms-path-of-destruction)

### **PHP**



**Blocking malware for every Composer version inside Packagist  
Source:** [Packagist Blog](https://blog.packagist.com/blocking-malware-downloads-for-every-composer-version-in-private-packagist/)

To address PHP security gaps where devs or CI systems use older Composer versions (such as pre-2.10) or have manually disabled malware policies, Private Packagist is introducing repo-level malware blocking. By integrating directly with Aikido’s continuous malware feed, Private Packagist now automatically refuses to serve dist/artifact files for flagged packages, returning an HTTP 410 error to any client regardless of its Composer version.



**The quiet shift reshaping PHP security  
Source:** [Matthew Weier O'Phinney (LinkedIn)](https://www.linkedin.com/pulse/quiet-shift-reshaping-php-security-matthew-weier-o-phinney-fgquc/)

In 2026, PHP security is shifting from a fragmented, reactive approach to a highly coordinated, ecosystem-wide responsibility. Driven by AI initiatives like Project Glasswing and the newly formed [**PHP Ecosystem Security Team**](https://thephp.foundation/blog/2026/05/18/announcing-ecosystem-security-team/), vulnerabilities are being identified and patched faster than ever. Infra-level risks and supply chain threats are being aggressively countered by centralised security updates in tools like Composer and Packagist, which now enforce MFA and block known vulnerable packages by default. However, a significant gap remains for dev teams.



**One Month of Ecosystem Security Engineering  
Source:** [The PHP Foundation](https://thephp.foundation/blog/2026/06/23/one-month-of-ecosystem-security-engineering/)

One month after receiving an Alpha-Omega grant and establishing the PHP Foundation's new Ecosystem Security Team (mentioned earlier), the foundation is now using a collaborative, AI-powered security scanner called [**Scrutineer**](https://nesbitt.io/2026/06/25/scrutineer.html) to scan open-source repositories, find vulnerabilities, verify, draft a fix, and even publish the advisory. The initiative has already scanned over 300 major PHP packages and frameworks, leading to nearly a hundred public security fixes. Backed by highly positive community feedback and a growing team of volunteers, the project intends to scan another 250 projects next month while shifting focus toward deeper analyses of core PHP and its extensions.


**VibePHP: A PHP engine that runs on vibes, not code  
Source:** [@mnapoli (GitHub)](https://github.com/mnapoli/vibephp)

VibePHP is a satirical, next-gen PHP runtime and web server built on Laravel and AI that completely replaces standard interpreters and compilers with LLM inference. When an HTTP request comes in, the AI reads the PHP source code and executes it "in its head". It then completely hallucinates plausible HTTP responses, databases, and missing functions on the fly, making non-existent syntax like generics and inline Go/Rust magically "just work". While it introduces a massive 7-second latency and costs a staggering $0.0063 per request, it totally justifies this by boosting perceived value by 700,000%.



### **JavaScript**



**Upcoming breaking changes for npm v12  
Source:** [GitHub Blog](https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/)

The upcoming July 2026 npm release will introduce stricter security-related default behaviours for `npm install` by making previously automatic actions opt-in. Specifically, it will block dependency installation scripts by default (`allowScripts` turns off), restrict git dependency resolution (`--allow-git`), and block remote URL dependencies (`--allow-remote`) unless explicitly allowed by the user. Devs can prepare for this upgrade now by using **npm 11.16.0 or newer** to view warnings. You can also run `npm approve-scripts --allow-scripts-pending` to audit package scripts, and commit the approved allowlist directly to your `package.json`.
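To see how much of a project falls into those three categories, here is an added example (not npm's own tooling): it reads a `package-lock.json` (lockfile version 2 or 3) and groups entries by install scripts, git sources and non-registry URLs. The registry host set and the sample lockfile are constructed assumptions, and the grouping approximates the categories described above rather than reproducing npm's exact checks.

```python
import json
import sys
from urllib.parse import urlparse

# Assumption: packages normally resolve from the public registry; add private hosts here.
REGISTRY_HOSTS = {"registry.npmjs.org"}


def classify(lock):
    """Group lockfile entries by the opt-in category they would fall under."""
    if "packages" not in lock:
        raise ValueError("no 'packages' map: lockfile v1, regenerate it with npm 7 or newer")
    report = {"install_scripts": [], "git": [], "remote_url": []}
    for path, meta in lock["packages"].items():
        if not path:  # the "" key is the root project itself
            continue
        name = path.split("node_modules/")[-1]
        if meta.get("hasInstallScript"):
            report["install_scripts"].append(name)
        resolved = meta.get("resolved", "")
        if resolved.startswith(("git+", "git://")):
            report["git"].append(name)
        elif resolved.startswith(("http://", "https://")):
            if urlparse(resolved).hostname not in REGISTRY_HOSTS:
                report["remote_url"].append(name)
    return {category: sorted(names) for category, names in report.items()}


# Constructed sample lockfile; package names and hosts are placeholders.
SAMPLE_LOCK = json.loads("""
{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/left-pad-demo": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad-demo/-/left-pad-demo-1.3.0.tgz"
    },
    "node_modules/native-addon-demo": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/native-addon-demo/-/native-addon-demo-2.1.0.tgz",
      "hasInstallScript": true
    },
    "node_modules/forked-lib-demo": {
      "version": "0.4.0",
      "resolved": "git+ssh://git@github.com/example-org/forked-lib-demo.git#0123456789abcdef0123456789abcdef01234567"
    },
    "node_modules/@scope/tarball-demo": {
      "version": "0.0.1",
      "resolved": "https://downloads.example.com/tarball-demo-0.0.1.tgz",
      "hasInstallScript": true
    }
  }
}
""")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    else:
        lock = SAMPLE_LOCK
    for category, names in classify(lock).items():
        print(f"{category}: {', '.join(names) or '-'}")
```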

**FastAPI can now serve your frontend app  
Source:** [Tiangolo Docs](https://fastapi.tiangolo.com/tutorial/frontend/)

FastAPI version 0.138.0 now has support for client-side routing. This is especially useful for frontend tools that generate static files, like React with Vite, TanStack Router, Astro, Vue, Svelte, Angular, Solid, and others. Instead of building the frontend and generating a directory like `./dist/` that includes all of your frontend files, you can now use `app.frontend()` to serve that directory following the conventions needed by the frontend frameworks.

**Messenger - free browser game built using WebGL and Three.js  
Source:** [Messenger](https://messenger.abeto.co/)

Messenger is a free-to-play browser game crafted by developers **Vicente Lucendo** and **Michael Sungaila**. Built entirely on JavaScript via `WebGL` and `Three.js`, it delivers a rich 3D experience directly in the browser without requiring heavy game engines like Unity or any client-side downloads. By combining asset pipelines from Houdini and Blender with a custom live multiplayer framework, the devs allowed players to seamlessly explore the globe together and interact via dynamic 3D emojis.

**Malicious npm packages are deploying Windows RAT malware  
Source:** [RedSecureTech](https://www.redsecuretech.co.uk/blog/post/malicious-npm-packages-npm-malicious-packages-deploy-windows-rat-malware/1268)

Researchers discovered a malicious typosquatting campaign on npm where three packages (`aes-decode-runner-pro`, `postcss-minify-selector`, and `postcss-minify-selector-parser`) masqueraded as legitimate dev tools to deliver a full-featured Windows Remote Access Trojan (RAT). When installed, the JS dropper triggers a PowerShell script that downloads a ZIP archive containing a Python-based payload. The RAT can steal Chrome creds, gather host info, and execute shell commands via a dedicated C2 server.

### **Rust**



**rtk - Rust CLI cuts coding agent token usage by 60-90%  
Source:** [rtk-ai (GitHub)](https://github.com/rtk-ai/rtk)

Want to slash your coding agent's token bills by up to 90%? RTK makes it happen by acting as a smart filter between your terminal and your LLM. Instead of dumping hundreds of lines of Git logs, test results, or Docker outputs into the context window, it strips out the noise and passes along only the critical data. Built as a single, memory-safe Rust binary with zero dependencies, it operates with a barely noticeable 10ms overhead. Don't worry about missing context either. If a command fails, the full output is saved locally for your agent to grab later.  


**Launching the Rust Foundation Maintainers Fund  
Source:** [Rust Blog](https://blog.rust-lang.org/2026/06/02/launching-the-rust-foundation-maintainers-fund/)

The Rust Project and the Rust Foundation have launched the Rust Foundation Maintainers Fund alongside a new Funding team to secure stable, long-term financial support for the project's maintainers. A core initiative of this fund is the Maintainer in Residence program, which will hire maintainers (typically near full-time) to focus on critical areas like the compiler, standard library, and Cargo. This centralised fund, which is open to both individual and corporate donations via GitHub Sponsors, aims to combat the recent industry budget shifts that have caused key contributors to lose funding, ensuring the long-term health and development of Rust as its industry adoption grows.
  
**Launching the Rust Commercial Network (RCN)  
Source:** [rust-lang.zulipchat.com](https://rust-lang.zulipchat.com/#narrow/channel/594428-commercial-network/topic/June.202026.20Recap/with/606710525)

RCN is a free, collaborative initiative launched by the Rust Foundation to connect teams using Rust in production with the language's core developers. By hosting monthly meetings under the Chatham House Rule and maintaining public **Zulip** chat channels, the network aims to bridge the gap between industrial users and maintainers, allowing companies to share best practices, solve common challenges, and drive corporate funding. Managed by a dedicated steering committee and backed by numerous founding orgs, the RCN focuses on accelerating widespread adoption, supporting small to mid-sized businesses, and securing the long-term sustainability of the Rust ecosystem.  


**Why stdx is not on crates  
Source:** [Sylvain Kerkour](https://kerkour.com/stdx-cratesio)

The author thanks the community for supporting stdx, an extended standard library for **Rust**, and addresses why the project is distributed exclusively via Git rather than crates.io. He argues that centralised package registries are fundamentally flawed and insecure, introducing critical supply chain vulnerabilities like name-squatting, credential theft, and hidden backdoors. The author advocates for a secure-by-design architecture modelled after `Go`, where package managers pull code directly from signed Git repositories rather than relying on a centralised middleman. Ultimately, by bypassing `crates.io`, the author hopes to spark a shift in the Rust ecosystem toward simpler, more secure dependency distribution.

**Rust backdoor turns prompt injection on the analyst, not the sandbox  
Source:** [SentinelOne](https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/)

SentinelOne researchers analysed **macOS.Gaslight**, a DPRK-aligned Rust implant that gaslights the AI reading its output. Embedded inside a tiny prompt-injection payload binary are 38 fabricated `system` messages, built to steer an LLM-assisted triage pipeline into aborting or refusing its analysis: fake token expiries, out-of-memory kills, disk exhaustion, and bogus injection warnings. Originally, **0/61 detections** were found on `VirusTotal`. The **macOS.Gaslight** backdoor spoofs the triage harness's own prompt scaffold, which blurs the security boundaries.

### **Python**



**Python 3.15.0 beta 2 is here!  
Source:** [Python Blog](https://blog.python.org/2026/06/python-3150-beta-2/)

Released on June 23rd, **Python 3.15.0**’s 3rd beta version is the third of four planned preview releases designed for community testing and project preparation ahead of the official release candidate phase in August. While not recommended for production environments, this feature-complete preview introduces significant upgrades, including explicit lazy imports for faster startup, a new `frozendict` built-in type, UTF-8 as the default encoding, and an upgraded JIT compiler boasting substantial performance improvements on both Linux and macOS.



**Pywho is a great tool for explaining your Python environment  
Source:** [AhsanSheraz (GitHub)](https://github.com/AhsanSheraz/pywho)

The `pywho` tool is a zero-dependency, cross-platform CLI & Python API designed to instantly diagnose Python environment configs and import issues. It eliminates the "_works on my machine_" debugging bottleneck we’re all so familiar with. It generates a comprehensive report of the active interpreter, virtual environment, and `sys.path`, and its primary benefit is import tracing, which details exactly how and where a module is loaded. It also offers shadow scanning, which audits projects for local files that accidentally override standard library or third-party packages.



**Hunting Leaked PyPI Tokens: 62 Live, 125 Packages Exposed  
Source:** [GitGuardian](https://blog.gitguardian.com/hunting-leaked-pypi-tokens-62-live-125-packages-exposed)

GitGuardian discovered 62 valid PyPI tokens leaking publicly on GitHub and Docker Hub, exposing **125 packages** with a **combined 25,000 monthly downloads** to potential supply chain attacks. By decoding the macaroon API token restrictions and safely verifying their validity via broken API requests, the researchers bypassed expected automated GitHub scanning protections to find these active vulnerabilities. Following a responsible disclosure, the PyPI security team successfully revoked all 62 tokens and implemented new admin tooling to streamline future disclosures, highlighting the critical need for developers to scan for secrets, use project-scoped tokens, and properly configure `.gitignore` files.



**Python flaw allowed attackers to forge Admin-Level API requests  
Source:** [CyberSecurityNews](https://cybersecuritynews.com/critical-python-org-vulnerability/)

A critical authentication bypass flaw (that has since been [mitigated](https://blog.python.org/2026/06/mitigated-api-bypass-for-download-metadata-python-dot-org/)) within the `python.org` release management API went undetected for over a decade. It allowed attackers to impersonate admins by pairing a valid username with an arbitrary API key. If exploited, attackers could have altered official download and signature verification URLs to orchestrate massive global supply chain attacks, though they could not directly modify the source binaries. The Python Security Response Team (PSRT) quickly patched the vulnerability within 48 hours of its disclosure, and subsequent forensic audits confirmed **no evidence of exploitation**.



### **Kubernetes**



**Understanding the transition from K8s Dashboard to Headlamp  
Source**: [Kubernetes Blog](https://kubernetes.io/blog/2026/06/01/dashboard-to-headlamp/)

Following the archiving of the Kubernetes Dashboard, Headlamp has emerged as its modern successor. Headlamp preserves some of the familiar visual workflows, resource views, and even RBAC-compliant editing. However, it expands on those capabilities beyond the traditional, single-cluster view. Headlamp introduces multi-cluster management, application-centric **Projects**, and extensibility through community or custom plugins (such as GitOps and AI assistants). Headlamp offers flexible deployment options as both an in-cluster tool and as a desktop app.



**Kubernetes finally has User Namespace support  
Source**: [Edera](https://edera.dev/stories/kubernetes-finally-has-user-namespace-support-the-shared-kernel-problem-remains)

While [**Kubernetes v1.36**](https://cloudsmith.com/blog/kubernetes-1-36-what-you-need-to-know#:~:text=Support%20User%20Namespaces%20in%20pods)’s general availability of user namespace support (`hostUsers: false`) successfully mitigates certain container escapes by remapping root users to unprivileged host UIDs, it fails to solve the critical shared kernel problem. In fact, granting namespaced capabilities actually increases the reachable host kernel attack surface by **over 250%**. This exposes vulnerable subsystems like `nftables` to unprivileged containers. As AI-assisted tools rapidly accelerate the discovery of exploitable kernel bugs that entirely bypass namespace protections, Kaylin argues that true multi-tenant isolation cannot be achieved at the UID layer.



**Introducing Minimus Community Edition  
Source:** [Minimus](https://www.minimus.io/post/introducing-minimus-community-edition-free-hardened-container-images-across-our-entire-gallery)

Minimus just opened its entire catalogue of secure container images to everyone, for free! The new Community Edition gives any developer hundreds of continuously built-from-source, near-zero CVE images, with no registration, auth wall, or procurement. FIPS, CIS, NIST SP 800-190, and STIG compliance come built in. These are the same images Minimus customers already run in production across finance, government, and healthcare.



**Open source maintainership in the age of AI  
Source:** [Kubernetes Contributors](https://www.kubernetes.dev/docs/guide/pull-requests/#ai-guidance)

The rapid rise of AI-assisted coding has made generating code much faster, but it has also strained the maintenance of open-source projects. To address this, the Kubernetes community has introduced an AI policy that embraces these tools while enforcing strict human accountability. Kubernetes requires transparency, human-only engagement, and thorough manual verification. Additionally, the project is actively experimenting with automated AI review tools like GitHub Copilot and CodeRabbit to act as quality gates and reduce maintainer burnout, marking a mature step toward balancing technological innovation with human oversight.

### **AI/ML**



**SpaceX Buys Cursor In Largest Startup Acquisition Ever At $60 Billion  
Source**: [Forbes](https://www.forbes.com/sites/sandycarter/2026/06/16/spacex-buys-cursor-in-largest-startup-acquisition-ever-at-60-billion/)

In an all-stock deal valued at $60 billion, SpaceX has acquired Anysphere, the parent company of the AI coding tool Cursor, marking the largest venture-backed startup acquisition in history. Expected to close in the third quarter of 2026 following SpaceX’s recent $75 billion IPO, the deal integrates Cursor's advanced capabilities and vast developer user base with Elon Musk's xAI and Grok model.



**Cursor quietly acquires Continue, an open-source alternative to Copilot  
Source:** [TheNewStack](https://thenewstack.io/cursor-acquires-continue-coding/)

In a quiet consolidation move, Cursor has acquired Continue, a popular open-source alternative to GitHub Copilot with over 34,000 GitHub stars. Following Cursor's recent acquisition by SpaceX, this deal came as a shock to users. Continue's proprietary services are winding down, and users have until July 15th to export their data. However, the founding team pushed a final 2.0.0 update removing telemetry and handed the codebase over to the community, allowing the open-source project to remain publicly available for future development under its `Apache 2.0` license.



**Fake AI agent skill passed all scans and reached 26,000 agents  
Source:** [Air Security](https://www.air.security/blog-posts/the-story-of-skills)

To demonstrate critical flaws in AI agent security, security firm AIR successfully deployed a deceptive AI skill that bypassed multiple security scanners, inherited 36,000 GitHub stars via a repository merge, and reached roughly 26,000 agents (including corporate accounts) through targeted Instagram ads. The skill slipped past scanners by initially linking to legitimate documentation on an external domain controlled by AIR, only to swap the destination for a data-collecting payload after passing review.



**Nvidia “open-sourced one of the most important AI projects right now”  
Source:** [@akshay_pachaar (X)](https://x.com/akshay_pachaar/status/2065412599001625058)

NVIDIA has recently open-sourced [**SkillSpector**](https://github.com/nvidia/skillspector) on GitHub, a security scanner designed to protect users from malicious or vulnerable AI Skills. Skills are executable code packages that agents run to perform specific automated tasks, and SkillSpector scans them for security blind spots. Since these imported skills run with the same system access as the user, they pose severe security risks like credential harvesting, data leaks, and prompt injection, with research showing 1 in 4 public skills contain vulnerabilities.



**Designing the hf CLI as an agent-optimised way to work with the Hub  
Source:** [Hugging Face](https://huggingface.co/blog/hf-cli-for-agents)

The Hugging Face team started rebuilding the `hf` CLI with AI agents in mind. The CLI now detects when an agent is using it and gives clean, token-efficient output, next-command hints, and more, all designed to minimise the number of tokens and steps an agent needs to get things done on the Hugging Face Hub. Hugging Face benchmarked it across 18 Hub tasks on Claude Code and Codex: without the `hf` CLI, using curl or the Python SDK took up to 6x as many tokens on complex tasks, and the CLI completed them more reliably.



**Mellum2 Goes Open Source  
Source:** [JetBrains](https://blog.jetbrains.com/ai/2026/06/mellum2-goes-open-source-a-fast-model-for-ai-workflows/)

JetBrains has open-sourced [**Mellum2**](https://huggingface.co/blog/JetBrains/mellum2-launch), a `12B` parameter, code and text-specialised `MoE` model released under the `Apache 2.0` license. Designed to eliminate production bottlenecks like latency and high costs, it only activates 2.5B parameters per token, cutting inference time in half compared to similar-sized models. Mellum2 acts as a fast, cost-effective focal model for software engineering workflows, and excels at routing, low-latency RAG pipelines, and sub-agent orchestration.



### **In other news**



**We all depend on open source. We will defend it together.  
Source:** [Akrites](https://akrites.org/letter/)

Launched on June 25th, Akrites is the largest coordinated effort in history to secure the open-source software powering the world's critical infrastructure. While traditional vulnerability discovery used to take an expert weeks, AI can now find multiple serious flaws in mere minutes, rapidly outpacing the capacity of open-source maintainers. To prevent a flood of uncoordinated, duplicative reports from burying these maintainers, Akrites establishes a single, confidential, and trusted upstream clearinghouse to validate, remediate, and responsibly disclose vulnerabilities. The initiative commits real funding, engineering talent, and AI defense technologies to fix critical software at the source and accelerate downstream patch deployment before adversaries can exploit the code.



**The Swift package registry has joined Apple  
Source:** [Swift Package Index](https://swiftpackageindex.com/blog/swift-package-index-joins-apple)

The Swift Package Index has joined Apple in order to build a comprehensive, robust package registry for the community. The platform, which recently surpassed 10,000 indexed packages and processes millions of compatibility builds across multiple platforms, will maintain its core vision and remain open source. For developers and package authors, the index will continue to operate as usual, while future collaborations between Apple engineers and the open-source community will focus on scaling the platform, and improving overall security capabilities.

  
**CocoaPods - Sunsetting a Package Manager  
Source:** [Andrew Nesbitt](https://nesbitt.io/2026/06/23/sunsetting-a-package-manager.html)

On December 2nd, the CocoaPods trunk will become permanently read-only, stopping new pod and version submissions due to maintainer shortages, the dominance of Apple's Swift Package Manager, and infrastructure security liabilities. To ensure existing dependencies continue resolving seamlessly, CocoaPods will offload its data to `GitHub` and `jsDelivr`, though this shift introduces long-term maintenance challenges for active libraries that can no longer push security patches to their canonical coordinates.



**Introducing Package Proxy  
Source:** [Jacob Torrey (Thinkst)](https://blog.thinkst.com/2026/06/introducing-package-proxy-supply-chain-safety-checks-without-client-side-software.html)

To combat the rising threat of malicious software supply-chain attacks, Cloudflare has released **Package Proxy**, an open-source tool that intercepts metadata requests for popular package managers (`npm`, `pip`, `uv`, and `cargo`) to block dangerous dependencies. Operating as a network proxy via **Cloudflare Workers** rather than requiring complex client-side software wrappers, it automatically enforces inline safety policies, such as requiring packages to be at least 10 days old and verifying upload mechanisms, and then returns a 404 for any package failing inspection.

  
**New CRAN Packages: signal or noise?  
Source:** [Joseph Rickert (R Works)](https://rworks.dev/posts/too-many-R-packages/)

Joseph Rickert questions whether the rapid growth of new CRAN packages truly benefits the R community or if it is just noise. Spurred by the ease of modern software deployment, the monthly volume of submissions has exploded, mirroring a broader, Agentic AI-driven surge in low-utility digital apps. Rickert argues that most new packages fail to make a meaningful contribution, pointing out that many lack basic documentation like `README` files, `vignettes`, or even repository `URLs`, ultimately rendering them undiscoverable and ineffective for end users.



**Athena coalition already shipped 2,000 patches across 500 projects  
Source:** [HelpNetSecurity](https://www.helpnetsecurity.com/2026/06/17/chainguard-athena-coalition-fix-open-source-vulnerabilities/)

Athena is a newly launched industry coalition of over two dozen orgs (including Cisco, Cloudflare, and Docker) designed to pool, patch, and neutralise open source vulnerabilities under embargo before public disclosure. Driven by the rapid, AI-fuelled escalation of zero-day exploits, the group uses frontier AI programs (like OpenAI's [**Daybreak**](https://openai.com/daybreak/) and Anthropic's [**Project Glasswing**](https://www.anthropic.com/glasswing)) to catch flaws that human reviewers and fuzzers miss. Already active with 2,000 patches across 500 projects, Athena provides members with early access to hardened builds while implementing internet-wide, platform-level mitigations to protect critical infrastructure that cannot patch quickly.



**Microsoft announces Azure Container Apps Sandboxes (Preview)  
Source:** [Azure Container Apps](https://sandboxes.azure.com/login)

Agentic AI changes the rules. Your AI-generated code can't run next to your app. It has to be isolated in a safe dedicated space. Azure Container Apps Sandboxes provide fast, hardware‑isolated microVMs that agents can spin up on demand to safely execute untrusted code, persist state via snapshots, and scale to hundreds. This is the same underlying infra behind GitHub Copilot Sandboxes & Azure Foundry Hosted Agents. Now available as public preview.





**Free Artifact Security Maturity Assessment** | Where does your supply chain security actually stand? [**Start assessment →**](https://cloudsmith.com/resources/artifact-security-maturity-tool)
