CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
On X, Shou linked to a zip file with the leaked code. He is the CTO of Fuzzland and a dropout of the UC Berkeley Ph.D.
Anthropic’s leak of proprietary Claude Code sparked the developer community to group around “claw-code,” the fastest-growing ...
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
A routine software update for Anthropic's Claude Code tool accidentally leaked its entire source code, sparking rapid ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...
Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results