The Kusari Edge

July 2025
ICYMI: Noteworthy Headlines 🗞️
- Hackers are betting on “slopsquatting” - targeting fake packages hallucinated by LLMs for their next wave of malicious exploits
- A new report found 49% of enterprises lack ample visibility into their software supply chains; regulatory frameworks, like the EU Cyber Resilience Act and SBOM mandates, are pushing companies toward transparency
- Nation-state espionage intensifies: North Korea and China are weaponizing software supply chains—with DPRK targeting npm and China targeting Taiwanese tech
Latest from Kusari

- Even Kusari has vulnerabilities to confront; here's how we do it using our own technology
- Get the livestream replay of Kusari Inspector bringing security guidance to pull requests
- Listen to Co-Founder and CTO Mike Lieberman on the Software Leaders Uncensored podcast: Securing the Software Supply Chain and Fighting AI Slop Squatting
Upcoming Events 📣
- August 4 | BSides & Black Hat in Las Vegas
  - Connect with our Co-Founder and CEO Tim Miller
- August 12-13 | CodeSecCon 2025 Virtual
  - Hear our talks and come chat with us in the virtual booth
- August 25-27 | Open Source Summit in Amsterdam
  - Expert Panel: Prepare for the CRA | Michael Lieberman, Amanda Brock, OpenUK, Eddie Knight, Sonatype & Andy Martin, ControlPlane
- August 28 | OpenSSF Community Day in Amsterdam
  - Keynote: Improving Security Data with ORBIT | Ben Cotton & Eddie Knight, Sonatype
  - GUAC & Trustify: Building a Common Supply Chain Knowledge Graph | Ben Cotton & Dejan Bosanac, Red Hat
- September 10 | Vulnerabilities: Gone in 30 Days
What’s up with GUAC? 🥑
- Go's cryptographic module is now FIPS 140 certified
- PHP is looking at relicensing to a BSD license for PHP 9.0
- OpenSSF Community Day NA replay: bring GUAC’s automated SBOM generation and enrichment into your air-gapped environments using Zarf for better traceability and risk assessment
Resource of the Month ⚒️
- Cyber Resilience Act (CRA) Brief Guide for Open Source Software (OSS) Developers