Supply chain attacks feel like they're becoming more and more common.

No more fighting an endless article backlog.

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

Andrej Karpathy has argued that human researchers are now the bottleneck in AI, after his open-source autoresearch framework ...

An incident of LinkedIn malware means jobseekers and employers need to take more care with their applications and ...