Eric Gallagher | SecuringTheBackbone.com
@ericgallagher.bsky.social
💪 Author of "Securing the Backbone" newsletter | Challenging the status quo in software supply chain security | 🏃Trying to make running a habit | 🎾Tennis and ♠️poker nerd | WV
🚨 78% of organizations have likely failed a compliance audit due to CVEs in container images.
Not because teams aren’t scanning.
Not because they don’t care about security.
But because finding vulnerabilities is no longer the hard part.
Not because teams aren’t scanning.
Not because they don’t care about security.
But because finding vulnerabilities is no longer the hard part.
January 6, 2026 at 2:06 PM
🚨 78% of organizations have likely failed a compliance audit due to CVEs in container images.
Not because teams aren’t scanning.
Not because they don’t care about security.
But because finding vulnerabilities is no longer the hard part.
Not because teams aren’t scanning.
Not because they don’t care about security.
But because finding vulnerabilities is no longer the hard part.
Some of the most disruptive software supply-chain attacks no longer exploit vulnerabilities.
They exploit trust, automation, and legitimate access — spreading through authorized workflows rather than breaking in.
They exploit trust, automation, and legitimate access — spreading through authorized workflows rather than breaking in.
January 5, 2026 at 2:26 PM
Some of the most disruptive software supply-chain attacks no longer exploit vulnerabilities.
They exploit trust, automation, and legitimate access — spreading through authorized workflows rather than breaking in.
They exploit trust, automation, and legitimate access — spreading through authorized workflows rather than breaking in.
Here’s a little glimpse into the future. Go @sanfrancisco49ers.bsky.social !
December 31, 2025 at 3:12 PM
Here’s a little glimpse into the future. Go @sanfrancisco49ers.bsky.social !
Shai Hulud isn’t scary because it’s sophisticated.
It’s scary because it’s allowed.
It’s scary because it’s allowed.
December 31, 2025 at 2:11 PM
Shai Hulud isn’t scary because it’s sophisticated.
It’s scary because it’s allowed.
It’s scary because it’s allowed.
CVE counts are often treated as a proxy for security risk.
In reality, they measure visibility, not exposure — and say little about the labor required to manage that risk over time.
In reality, they measure visibility, not exposure — and say little about the labor required to manage that risk over time.
December 30, 2025 at 1:24 AM
CVE counts are often treated as a proxy for security risk.
In reality, they measure visibility, not exposure — and say little about the labor required to manage that risk over time.
In reality, they measure visibility, not exposure — and say little about the labor required to manage that risk over time.
🚨 Python devs targeted in phishing scam spoofing PyPI!
Emails urge you to “verify” your account via pypj[.]org—a fake site stealing credentials.
✅ Don’t click links
✅ Use MFA
✅ Go directly to pypi.org
Stay sharp.
Emails urge you to “verify” your account via pypj[.]org—a fake site stealing credentials.
✅ Don’t click links
✅ Use MFA
✅ Go directly to pypi.org
Stay sharp.
August 1, 2025 at 12:23 PM
🚨 Python devs targeted in phishing scam spoofing PyPI!
Emails urge you to “verify” your account via pypj[.]org—a fake site stealing credentials.
✅ Don’t click links
✅ Use MFA
✅ Go directly to pypi.org
Stay sharp.
Emails urge you to “verify” your account via pypj[.]org—a fake site stealing credentials.
✅ Don’t click links
✅ Use MFA
✅ Go directly to pypi.org
Stay sharp.
IBM’s 2025 Data Breach Report is here:
📉 Breach costs down globally
💥 AI-driven attacks on the rise
💰 US avg breach = $10.22M
😱 97% of AI-related breaches lacked access controls
Next week’s Securing the Backbone dives deeper. Stay tuned.
#CyberSecurity #AI #IBM
📉 Breach costs down globally
💥 AI-driven attacks on the rise
💰 US avg breach = $10.22M
😱 97% of AI-related breaches lacked access controls
Next week’s Securing the Backbone dives deeper. Stay tuned.
#CyberSecurity #AI #IBM
July 31, 2025 at 2:22 PM
IBM’s 2025 Data Breach Report is here:
📉 Breach costs down globally
💥 AI-driven attacks on the rise
💰 US avg breach = $10.22M
😱 97% of AI-related breaches lacked access controls
Next week’s Securing the Backbone dives deeper. Stay tuned.
#CyberSecurity #AI #IBM
📉 Breach costs down globally
💥 AI-driven attacks on the rise
💰 US avg breach = $10.22M
😱 97% of AI-related breaches lacked access controls
Next week’s Securing the Backbone dives deeper. Stay tuned.
#CyberSecurity #AI #IBM
Reposted by Eric Gallagher | SecuringTheBackbone.com
Debating Rust vs. .NET for containers? We break down the differences—plus, our new Rust and .NET containers are now live on Docker Hub!
Learn more and see which fits your team:
Learn more and see which fits your team:
Revolutionize Your Deployments: Secure Rust & .NET Containers from ActiveState
Tired of CVEs slowing you down? ActiveState just released new Rust and .NET Runtime container images, available FREE on Docker Hub! These hardened images drastically reduce vulnerabilities, freeing…
www.activestate.com
July 29, 2025 at 9:59 PM
Debating Rust vs. .NET for containers? We break down the differences—plus, our new Rust and .NET containers are now live on Docker Hub!
Learn more and see which fits your team:
Learn more and see which fits your team:
Check out the latest article in my newsletter: Securing the Backbone - Issue #23: When AI Hijacks the Hammer: How LLMs Can Plan & Execute Cyberattacks Solo www.linkedin.com/pulse/securi...
Securing the Backbone - Issue #23: When AI Hijacks the Hammer: How LLMs Can Plan & Execute Cyberattacks Solo
Date: July 28, 2025 🧠 Episode Spotlight: Autonomous AI Attacks Become Reality Researchers at Carnegie Mellon University, in partnership with Anthropic, have demonstrated that large language models can...
www.linkedin.com
July 28, 2025 at 6:25 PM
Check out the latest article in my newsletter: Securing the Backbone - Issue #23: When AI Hijacks the Hammer: How LLMs Can Plan & Execute Cyberattacks Solo www.linkedin.com/pulse/securi...
🚨 WhatsApp will never be the same...
Securing the Backbone is officially live on our own dedicated WhatsApp channel!
Check out the link below and follow STB to get your software supply chain security updates via WhatsApp
whatsapp.com/channel/0029...
Securing the Backbone is officially live on our own dedicated WhatsApp channel!
Check out the link below and follow STB to get your software supply chain security updates via WhatsApp
whatsapp.com/channel/0029...
Securing the Backbone | Software Supply Chain Security for Critical Infrastructure | WhatsApp Channel
Securing the Backbone | Software Supply Chain Security for Critical Infrastructure WhatsApp Channel. 🔐 Securing the Backbone
Your weekly dose of real-world cybersecurity insights focused on software s...
whatsapp.com
July 25, 2025 at 7:06 PM
🚨 WhatsApp will never be the same...
Securing the Backbone is officially live on our own dedicated WhatsApp channel!
Check out the link below and follow STB to get your software supply chain security updates via WhatsApp
whatsapp.com/channel/0029...
Securing the Backbone is officially live on our own dedicated WhatsApp channel!
Check out the link below and follow STB to get your software supply chain security updates via WhatsApp
whatsapp.com/channel/0029...
🚨 A $500 radio can derail a freight train. Literally.
#vulnerabilitymanagement #infosec #appsec #sbom #vulnerability #cybersecurity
www.linkedin.com/pulse/securi...
#vulnerabilitymanagement #infosec #appsec #sbom #vulnerability #cybersecurity
www.linkedin.com/pulse/securi...
Securing the Backbone - Issue #22: When a $500 Radio Can Stop a Freight Train: What Critical Infra Must Learn from the U.S. Rail Vulnerability
Date: July 21, 2025 🛤️ Thirteen Years of Silence on a Derailment-Level Threat On July 10, CISA issued Advisory ICSA-25-191-10, warning of a critical vulnerability that could allow attackers to remotel...
www.linkedin.com
July 21, 2025 at 4:50 PM
🚨 A $500 radio can derail a freight train. Literally.
#vulnerabilitymanagement #infosec #appsec #sbom #vulnerability #cybersecurity
www.linkedin.com/pulse/securi...
#vulnerabilitymanagement #infosec #appsec #sbom #vulnerability #cybersecurity
www.linkedin.com/pulse/securi...
Check out the next issue of my newsletter!
Securing the Backbone: Issue #5: The Software Supply Chain Security Checklist – 10 Steps to Lock Down Your Critical Infrastructure Before Hackers Do
www.linkedin.com/pulse/securi...
Securing the Backbone: Issue #5: The Software Supply Chain Security Checklist – 10 Steps to Lock Down Your Critical Infrastructure Before Hackers Do
www.linkedin.com/pulse/securi...
Securing the Backbone: Issue #5: The Software Supply Chain Security Checklist – 10 Steps to Lock Down Your Critical Infrastructure Before Hackers Do
Date: March 2, 2025 🛠️ So You Want to Stay Out of the Headlines? Congratulations! You’ve decided you’d rather NOT be the next cybersecurity disaster story. This week, we’re handing you a 10-step cheat...
www.linkedin.com
March 3, 2025 at 1:46 PM
Check out the next issue of my newsletter!
Securing the Backbone: Issue #5: The Software Supply Chain Security Checklist – 10 Steps to Lock Down Your Critical Infrastructure Before Hackers Do
www.linkedin.com/pulse/securi...
Securing the Backbone: Issue #5: The Software Supply Chain Security Checklist – 10 Steps to Lock Down Your Critical Infrastructure Before Hackers Do
www.linkedin.com/pulse/securi...
Securing the Backbone - Issue #4: The Business Cost of Software Supply Chain Attacks – How Much $$$ You’ll Lose if You Ignore This Stuff
www.linkedin.com/pulse/securi...
www.linkedin.com/pulse/securi...
Securing the Backbone: Issue #4: The Business Cost of Software Supply Chain Attacks – How Much $$$ You’ll Lose if You Ignore This Stuff
Date: February 24, 2025 💸 Welcome to the Expensive Reality of Cyber Negligence You know what’s worse than dealing with a software supply chain attack? Paying for it. This week, we’re diving into the c...
www.linkedin.com
February 24, 2025 at 2:41 PM
Securing the Backbone - Issue #4: The Business Cost of Software Supply Chain Attacks – How Much $$$ You’ll Lose if You Ignore This Stuff
www.linkedin.com/pulse/securi...
www.linkedin.com/pulse/securi...
Securing the Backbone - Issue #3: Meet the Hackers Trying to Ruin Your Day – Cybercriminals & Nation-States
www.linkedin.com/pulse/securi...
www.linkedin.com/pulse/securi...
Securing the Backbone: Software Supply Chain Security for Critical Infrastructure
Issue #3: Meet the Hackers Trying to Ruin Your Day – Cybercriminals & Nation-States Date: February 17, 2025 🎭 Meet Your Cyber Villains: Nation-State Hackers & Cybercriminal Gangs Ah yes, the ever-grow...
www.linkedin.com
February 24, 2025 at 2:40 PM
Securing the Backbone - Issue #3: Meet the Hackers Trying to Ruin Your Day – Cybercriminals & Nation-States
www.linkedin.com/pulse/securi...
www.linkedin.com/pulse/securi...
Securing the Backbone - Issue #2: The Anatomy of a Software Supply Chain Attack – Case Studies & Lessons Learned
www.linkedin.com/pulse/copy-s...
www.linkedin.com/pulse/copy-s...
Copy of Securing the Backbone: Software Supply Chain Security for Critical Infrastructure
Issue #2: The Anatomy of a Software Supply Chain Attack – Case Studies & Lessons Learned Date: February 10, 2025 🔍 So You Think Your Supply Chain is Safe? Think Again. Welcome back to another edition ...
www.linkedin.com
February 24, 2025 at 2:40 PM
Securing the Backbone - Issue #2: The Anatomy of a Software Supply Chain Attack – Case Studies & Lessons Learned
www.linkedin.com/pulse/copy-s...
www.linkedin.com/pulse/copy-s...