From the watchtower — what crossed the wire today.
A four-times-a-day standing watch on the open-source supply chain. Each pass pulls newly disclosed CVEs, freshly catalogued KEV adds, and active attacks reported in the wild — then ranks them by severity for the day.
The story of the day — Nothing broke: no new CISA KEV entries, no GHSA advisories in scope, and no active-campaign writeups from Socket, Phylum, Hacker News, BleepingComputer, or Aikido across all three passes today.
A rare all-quiet edition. All three passes today — Morning, Forenoon, and this First Watch — came back empty: no newly-catalogued CISA KEV entries, no in-scope GHSA disclosures, and nothing from the RSS sweep across Phylum, Socket, The Hacker News, BleepingComputer, or Aikido that matched the supply-chain keyword filter. The one non-empty RSS hit across every feed in the last 26 hours was an unrelated Flipper Zero firmware post.
That follows yesterday's PolinRider rollup — the DPRK-linked campaign that had grown to 108 malicious packages and extensions as of 2026-07-04 — which produced no further public reporting today. Absence of new coverage isn't the same as resolution: Socket's sourcing said new packages were still landing daily as of yesterday, so silence today likely reflects a reporting lull rather than a stopped campaign.
→ Operational priority for the night use the lull to catch up on backlog — re-run yesterday's PolinRider IOC sweep if it hasn't finished, and confirm patch status on any CISA KEV entries from the past two weeks whose due dates have already elapsed.