#supplychainsecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #supplychainsecurity, aggregated by home.social.
-
Müzeyyen Gökçen Arslan Tapkan of Black Kite says organizations still confuse compliance with actual security.
⚠️ Vendors can pass audits while exposing live risk
⚠️ Attackers rank vendors by exposure paths, not spend
⚠️ AI is worsening noise and confidence problems in cyber datasets“Saying HITL in TPCRM is easy. Designing for it, vendor by vendor, signal by signal, decision by decision, this is the real work.”
https://www.technadu.com/why-attackers-understand-supply-chains-better-than-companies/628246/
-
Müzeyyen Gökçen Arslan Tapkan of Black Kite says organizations still confuse compliance with actual security.
⚠️ Vendors can pass audits while exposing live risk
⚠️ Attackers rank vendors by exposure paths, not spend
⚠️ AI is worsening noise and confidence problems in cyber datasets“Saying HITL in TPCRM is easy. Designing for it, vendor by vendor, signal by signal, decision by decision, this is the real work.”
https://www.technadu.com/why-attackers-understand-supply-chains-better-than-companies/628246/
-
Müzeyyen Gökçen Arslan Tapkan of Black Kite says organizations still confuse compliance with actual security.
⚠️ Vendors can pass audits while exposing live risk
⚠️ Attackers rank vendors by exposure paths, not spend
⚠️ AI is worsening noise and confidence problems in cyber datasets“Saying HITL in TPCRM is easy. Designing for it, vendor by vendor, signal by signal, decision by decision, this is the real work.”
https://www.technadu.com/why-attackers-understand-supply-chains-better-than-companies/628246/
-
Müzeyyen Gökçen Arslan Tapkan of Black Kite says organizations still confuse compliance with actual security.
⚠️ Vendors can pass audits while exposing live risk
⚠️ Attackers rank vendors by exposure paths, not spend
⚠️ AI is worsening noise and confidence problems in cyber datasets“Saying HITL in TPCRM is easy. Designing for it, vendor by vendor, signal by signal, decision by decision, this is the real work.”
https://www.technadu.com/why-attackers-understand-supply-chains-better-than-companies/628246/
-
Müzeyyen Gökçen Arslan Tapkan of Black Kite says organizations still confuse compliance with actual security.
⚠️ Vendors can pass audits while exposing live risk
⚠️ Attackers rank vendors by exposure paths, not spend
⚠️ AI is worsening noise and confidence problems in cyber datasets“Saying HITL in TPCRM is easy. Designing for it, vendor by vendor, signal by signal, decision by decision, this is the real work.”
https://www.technadu.com/why-attackers-understand-supply-chains-better-than-companies/628246/
-
🥶 A contractor for CISA posted AWS GovCloud admin keys to a public GitHub repo! The repo was named "Private-CISA." Not an accident, the contractor actively disabled GitHub's built-in secret scanner to do it. That's a choice. Not a typo, not a misconfiguration. Someone turned off the guardrail and then stored plaintext credentials in a file called "importantAWStokens." That should make every security leader lose their 💩 AND the exposed keys stayed valid for 48 hours after CISA was notified. The agency responsible for protecting the country's critical infrastructure took two days to rotate credentials sitting in a public repo. 🤬 One researcher called this "the worst leak I've witnessed in my career." The exposed files included credentials to CISA's internal software build environment. Anyone who found those keys first could have backdoored the packages CISA builds and deploys. Every new build would carry that backdoor forward. CISA has lost nearly a third of its workforce since January. The oversight that might have caught this sooner is gone.
Two questions worth taking back to your own team:
・ When did you last verify that secret scanning is actually enabled across every repo your contractors touch?
・ If you got the call today that credentials were public, how long would it take to rotate them?https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
#CISA #CloudSecurity #SupplyChainSecurity #CyberGovernance #security #privacy #cloud #infosec -
🥶 A contractor for CISA posted AWS GovCloud admin keys to a public GitHub repo! The repo was named "Private-CISA." Not an accident, the contractor actively disabled GitHub's built-in secret scanner to do it. That's a choice. Not a typo, not a misconfiguration. Someone turned off the guardrail and then stored plaintext credentials in a file called "importantAWStokens." That should make every security leader lose their 💩 AND the exposed keys stayed valid for 48 hours after CISA was notified. The agency responsible for protecting the country's critical infrastructure took two days to rotate credentials sitting in a public repo. 🤬 One researcher called this "the worst leak I've witnessed in my career." The exposed files included credentials to CISA's internal software build environment. Anyone who found those keys first could have backdoored the packages CISA builds and deploys. Every new build would carry that backdoor forward. CISA has lost nearly a third of its workforce since January. The oversight that might have caught this sooner is gone.
Two questions worth taking back to your own team:
・ When did you last verify that secret scanning is actually enabled across every repo your contractors touch?
・ If you got the call today that credentials were public, how long would it take to rotate them?https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
#CISA #CloudSecurity #SupplyChainSecurity #CyberGovernance #security #privacy #cloud #infosec -
🥶 A contractor for CISA posted AWS GovCloud admin keys to a public GitHub repo! The repo was named "Private-CISA." Not an accident, the contractor actively disabled GitHub's built-in secret scanner to do it. That's a choice. Not a typo, not a misconfiguration. Someone turned off the guardrail and then stored plaintext credentials in a file called "importantAWStokens." That should make every security leader lose their 💩 AND the exposed keys stayed valid for 48 hours after CISA was notified. The agency responsible for protecting the country's critical infrastructure took two days to rotate credentials sitting in a public repo. 🤬 One researcher called this "the worst leak I've witnessed in my career." The exposed files included credentials to CISA's internal software build environment. Anyone who found those keys first could have backdoored the packages CISA builds and deploys. Every new build would carry that backdoor forward. CISA has lost nearly a third of its workforce since January. The oversight that might have caught this sooner is gone.
Two questions worth taking back to your own team:
・ When did you last verify that secret scanning is actually enabled across every repo your contractors touch?
・ If you got the call today that credentials were public, how long would it take to rotate them?https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
#CISA #CloudSecurity #SupplyChainSecurity #CyberGovernance #security #privacy #cloud #infosec -
🥶 A contractor for CISA posted AWS GovCloud admin keys to a public GitHub repo! The repo was named "Private-CISA." Not an accident, the contractor actively disabled GitHub's built-in secret scanner to do it. That's a choice. Not a typo, not a misconfiguration. Someone turned off the guardrail and then stored plaintext credentials in a file called "importantAWStokens." That should make every security leader lose their 💩 AND the exposed keys stayed valid for 48 hours after CISA was notified. The agency responsible for protecting the country's critical infrastructure took two days to rotate credentials sitting in a public repo. 🤬 One researcher called this "the worst leak I've witnessed in my career." The exposed files included credentials to CISA's internal software build environment. Anyone who found those keys first could have backdoored the packages CISA builds and deploys. Every new build would carry that backdoor forward. CISA has lost nearly a third of its workforce since January. The oversight that might have caught this sooner is gone.
Two questions worth taking back to your own team:
・ When did you last verify that secret scanning is actually enabled across every repo your contractors touch?
・ If you got the call today that credentials were public, how long would it take to rotate them?https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
#CISA #CloudSecurity #SupplyChainSecurity #CyberGovernance #security #privacy #cloud #infosec -
🥶 A contractor for CISA posted AWS GovCloud admin keys to a public GitHub repo! The repo was named "Private-CISA." Not an accident, the contractor actively disabled GitHub's built-in secret scanner to do it. That's a choice. Not a typo, not a misconfiguration. Someone turned off the guardrail and then stored plaintext credentials in a file called "importantAWStokens." That should make every security leader lose their 💩 AND the exposed keys stayed valid for 48 hours after CISA was notified. The agency responsible for protecting the country's critical infrastructure took two days to rotate credentials sitting in a public repo. 🤬 One researcher called this "the worst leak I've witnessed in my career." The exposed files included credentials to CISA's internal software build environment. Anyone who found those keys first could have backdoored the packages CISA builds and deploys. Every new build would carry that backdoor forward. CISA has lost nearly a third of its workforce since January. The oversight that might have caught this sooner is gone.
Two questions worth taking back to your own team:
・ When did you last verify that secret scanning is actually enabled across every repo your contractors touch?
・ If you got the call today that credentials were public, how long would it take to rotate them?https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
#CISA #CloudSecurity #SupplyChainSecurity #CyberGovernance #security #privacy #cloud #infosec -
Introducing wormbox!
Transparent sandbox + pre-install audit for the macOS Node.js toolchain (npm, pnpm, yarn, bun). Every install runs under sandbox-exec; the audit reads tarballs first and flags the shapes seen in chalk, debug, Shai-Hulud: window.ethereum proxies, atob+eval lifecycle scripts, decoded payloads fed to Function(). AWS_*/GH_TOKEN never reach postinstall.
-
Introducing wormbox!
Transparent sandbox + pre-install audit for the macOS Node.js toolchain (npm, pnpm, yarn, bun). Every install runs under sandbox-exec; the audit reads tarballs first and flags the shapes seen in chalk, debug, Shai-Hulud: window.ethereum proxies, atob+eval lifecycle scripts, decoded payloads fed to Function(). AWS_*/GH_TOKEN never reach postinstall.
-
We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!
Slides at https://glaubinix.github.io/talks/2026-05-15-Composer-2-10-Malware-Filtering.html
#php #phpc #phpday #composerphp #supplychainsecurity #malware
-
We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!
Slides at https://glaubinix.github.io/talks/2026-05-15-Composer-2-10-Malware-Filtering.html
#php #phpc #phpday #composerphp #supplychainsecurity #malware
-
We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!
Slides at https://glaubinix.github.io/talks/2026-05-15-Composer-2-10-Malware-Filtering.html
#php #phpc #phpday #composerphp #supplychainsecurity #malware
-
We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!
Slides at https://glaubinix.github.io/talks/2026-05-15-Composer-2-10-Malware-Filtering.html
#php #phpc #phpday #composerphp #supplychainsecurity #malware
-
We hope you enjoyed @glaubinix talk on the malware filtering features in Composer 2.10 at phpday. Try them out on latest snapshots today. Appreciate early feedback! Proud to sponsor @phpday in Verona, Italy!
Slides at https://glaubinix.github.io/talks/2026-05-15-Composer-2-10-Malware-Filtering.html
#php #phpc #phpday #composerphp #supplychainsecurity #malware
-
https://www.europesays.com/britain/36447/ UK sets out cyber resilience Bill & digital ID plans #CriticalInfrastructure #Cryptography #CyberResilience #CyberTraining #Cybersecurity #Data/Privacy #DataProtection #DigitalIdentity #DigitalTransformation #Entrust #IdentityVerification #Infosec #NationalCyberSecurityCentre(NCSC) #NationalSecurity #NCCGroup #OnlineSecurity #Risk&Compliance #RiskManagement #SupplyChain #SupplyChainSecurity #ThreatLandscape #UK #UkGovernment #UnitedKingdom #UnitedKingdom(UK)
-
Dear opensource developers,
I added an "adoption" list to the repro-env README, if you publish pre-compiled binaries and you successfully adopted it to allow anyone to reproduce them from source code to prove the absense of a build server compromise, you are very welcome to add yourself to the list. 😺
https://github.com/kpcyrd/repro-env#adoption
#reproducible #reproduciblebuilds #supplychainsecurity #rust
-
Dear opensource developers,
I added an "adoption" list to the repro-env README, if you publish pre-compiled binaries and you successfully adopted it to allow anyone to reproduce them from source code to prove the absense of a build server compromise, you are very welcome to add yourself to the list. 😺
https://github.com/kpcyrd/repro-env#adoption
#reproducible #reproduciblebuilds #supplychainsecurity #rust
-
Dear opensource developers,
I added an "adoption" list to the repro-env README, if you publish pre-compiled binaries and you successfully adopted it to allow anyone to reproduce them from source code to prove the absense of a build server compromise, you are very welcome to add yourself to the list. 😺
https://github.com/kpcyrd/repro-env#adoption
#reproducible #reproduciblebuilds #supplychainsecurity #rust
-
Dear opensource developers,
I added an "adoption" list to the repro-env README, if you publish pre-compiled binaries and you successfully adopted it to allow anyone to reproduce them from source code to prove the absense of a build server compromise, you are very welcome to add yourself to the list. 😺
https://github.com/kpcyrd/repro-env#adoption
#reproducible #reproduciblebuilds #supplychainsecurity #rust
-
Dear opensource developers,
I added an "adoption" list to the repro-env README, if you publish pre-compiled binaries and you successfully adopted it to allow anyone to reproduce them from source code to prove the absense of a build server compromise, you are very welcome to add yourself to the list. 😺
https://github.com/kpcyrd/repro-env#adoption
#reproducible #reproduciblebuilds #supplychainsecurity #rust
-
OpenAI says the recent TanStack npm supply-chain attack did not compromise production systems or user data, though 2 employee devices were impacted.
The company isolated systems, restricted deployments, and rotated code-signing certificates.
-
OpenAI says the recent TanStack npm supply-chain attack did not compromise production systems or user data, though 2 employee devices were impacted.
The company isolated systems, restricted deployments, and rotated code-signing certificates.
-
OpenAI says the recent TanStack npm supply-chain attack did not compromise production systems or user data, though 2 employee devices were impacted.
The company isolated systems, restricted deployments, and rotated code-signing certificates.
-
OpenAI says the recent TanStack npm supply-chain attack did not compromise production systems or user data, though 2 employee devices were impacted.
The company isolated systems, restricted deployments, and rotated code-signing certificates.
-
TeamPCP claims it breached Mistral AI while the company confirms impact from the TanStack supply chain attack involving malicious NPM and PyPI packages.
Mistral says there’s currently no evidence of an internal infrastructure breach.
-
https://www.europesays.com/uk/958955/ Alliance urges EU to rethink cyber rules for SIM tech #CyberResilience #CyberResilienceAct(CRA) #Cybersecurity #DataProtection #DeviceSecurity #DigitalResilience #eSIM #EU #Europe #Europe(European) #European #EuropeanCommission #EuropeanUnion(EU) #infosec #InternetOfThings(IoT) #IoTSecurity #NetworkSecurity #sim #SoftwareUpdates #SupplyChainSecurity #SupplyChain #TrustedConnectivityAlliance
-
Alliance urges EU to rethink cyber rules for SIM tech
Trusted Connectivity Alliance has urged European standards…
#Europe #EU #Cyberresilience #CyberResilienceAct(CRA) #cybersecurity #Dataprotection #Devicesecurity #DigitalResilience #eSIM #Europe(European) #EuropeanCommission #EuropeanUnion #EuropeanUnion(EU) #Infosec #InternetofThings(IoT) #IoTSecurity #Networksecurity #SIM #SoftwareUpdates #SupplyChain #SupplyChainSecurity #TrustedConnectivityAlliance
https://www.europesays.com/europe/41684/ -
https://www.europesays.com/dk/81795/ Royal visit highlights efforts to prevent misuse of global supply chains #APMTerminalsMaasvlakteII #automation #CriminalMisusePrevention #Customs #GlobalSupplyChains #LogisticsSecurity #MaasvlakteII #Mærsk #PortOfRotterdam #PortSecurity #PublicPrivateCooperation #Resilience #rotterdam #SeaportPolice #SecureChain #SupplyChainSecurity #TerminalSafety #TradeSecurity
-
Debian 14 Forky is mandating bit-for-bit identical builds to stop supply chain attacks. Discover how this shifts trust from servers to auditable source code.
More details here: https://ostechnix.com/debian-linux-reproducible-builds/
#Debian14 #DebianForky #ReproducibleBuilds #Security #Linux #Packages #SupplyChainSecurity
-
Debian 14 Forky is mandating bit-for-bit identical builds to stop supply chain attacks. Discover how this shifts trust from servers to auditable source code.
More details here: https://ostechnix.com/debian-linux-reproducible-builds/
#Debian14 #DebianForky #ReproducibleBuilds #Security #Linux #Packages #SupplyChainSecurity
-
Debian 14 Forky is mandating bit-for-bit identical builds to stop supply chain attacks. Discover how this shifts trust from servers to auditable source code.
More details here: https://ostechnix.com/debian-linux-reproducible-builds/
#Debian14 #DebianForky #ReproducibleBuilds #Security #Linux #Packages #SupplyChainSecurity
-
Debian 14 Forky is mandating bit-for-bit identical builds to stop supply chain attacks. Discover how this shifts trust from servers to auditable source code.
More details here: https://ostechnix.com/debian-linux-reproducible-builds/
#Debian14 #DebianForky #ReproducibleBuilds #Security #Linux #Packages #SupplyChainSecurity
-
Debian 14 Forky is mandating bit-for-bit identical builds to stop supply chain attacks. Discover how this shifts trust from servers to auditable source code.
More details here: https://ostechnix.com/debian-linux-reproducible-builds/
#Debian14 #DebianForky #ReproducibleBuilds #Security #Linux #Packages #SupplyChainSecurity
-
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity -
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity -
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity -
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity -
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity -
Source: https://github.com/eshlox/dvm
macOS only. Small, inspectable, no daemon, no plugin runtime. Feedback and pull requests welcome.
#SupplyChainSecurity #npm #InfoSec #DevSecOps #macOS #Linux #Lima #Bash #Sandbox #AISecurity
-
Source: https://github.com/eshlox/dvm
macOS only. Small, inspectable, no daemon, no plugin runtime. Feedback and pull requests welcome.
#SupplyChainSecurity #npm #InfoSec #DevSecOps #macOS #Linux #Lima #Bash #Sandbox #AISecurity
-
Do it today, please. Tell your team. Watch the full 60 seconds.
Video link: https://twp.ai/4hpg2D
#AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm
2/2 -
OSSGuard — one CLI to scan your project and tell you exactly which OpenSSF security practices are missing: Scorecard, SLSA, SBOM, Sigstore, and more.
Works with Python, Go, JS, Rust, Java, C/C++.
pip install ossguard
brew install kirankotari/tap/ossguard
npx ossguardhttps://github.com/kirankotari/ossguard
#OpenSSF #SupplyChainSecurity #DevSecOps #OpenSource #DevOps #Python #Node #Golang #Community
-
Open source malicious package detections went from 20,000 a day to 100,000 in twelve months🤯
Aikido Security has been watching and building for exactly this.
Proud to have them as a Gold Sponsor for this year!
-
https://www.europesays.com/britain/31676/ UK firms urged to track hidden cyber attack surface #ApplicationInfrastructure #ApplicationProgrammingInterface(API) #AssetDiscovery #AttackSurfaceManagement #Cloud #CloudSecurity #CyberAttacks #Cybersecurity #DarkWeb #DataBreach #DigitalFootprint #DigitalTransformation #EnterpriseSecurity #ExternalAttackSurfaceManagement #Infosec #OpenSource #Phishing #ShadowIT #SupplyChain #SupplyChainSecurity #ThreatLandscape #UK #UnitedKingdom #UnitedKingdom(UK)
-
https://www.europesays.com/ie/467202/ Cloudflare warns of AI code review prompt injection #AIEthics&Governance #AISafety #AiSecurity #APISecurity #ApplicationSecurity #AppSec #ArtificialIntelligence(AI) #CloudSecurity #Cloudflare #Cybersecurity #DevSecOps #Éire #IE #Ireland #javascript #LargeLanguageModels(LLMs) #MachineLearning(ML) #RedTeaming #RiskManagement #SourceCode #SupplyChainSecurity #Technology #ThreatIntelligence #VirtualPrivateNetworks(VPNs)
-
NOAA Milestone And US Japan Pact Reframe TMC Deep Sea Metal Story
Get insights on thousands of stocks from the global community of over 7 million individual investors at Simply Wall St. NOAA confirmed that TMC the metals’ consolidated application for a deep sea exploration lice…
#Japan #JP #JapanNews #criticalminerals #environmentalreview #news #NOAA #polymetallicnodules #supplychainsecurity #TMC
https://www.alojapan.com/1481698/noaa-milestone-and-us-japan-pact-reframe-tmc-deep-sea-metal-story/ -
NOAA Milestone And US Japan Pact Reframe TMC Deep Sea Metal Story
Get insights on thousands of stocks from the global community of over 7 million individual investors at Simply Wall St. NOAA confirmed that TMC the metals’ consolidated application for a deep sea exploration lice…
#Japan #JP #JapanNews #criticalminerals #environmentalreview #news #NOAA #polymetallicnodules #supplychainsecurity #TMC
https://www.alojapan.com/1481698/noaa-milestone-and-us-japan-pact-reframe-tmc-deep-sea-metal-story/