Supply chain attacks feel like they're becoming more and more common.

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

ShellGPT makes the terminal user-friendly, saving time by generating commands, automating scripts, and guiding me through tasks.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Smartphones have indisputably changed how we drive. While dodging distracted drivers playing Candy Crush at 70 MPH is a ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

If you’re wrangling financial data, the choice between PDF and CSV formats can seriously impact your workflow. PDFs look ...

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...