Supply chain attacks feel like they're becoming more and more common.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Discover custom web development services that actually scale, helping businesses improve performance, flexibility, security, ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Java has endured radical transformations in the technology landscape and many threats to its prominence. What makes this ...

Cloud attacks are getting faster and deadlier - here's your best defense plan ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...