A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

An active supply chain attack is targeting crypto and artificial intelligence developers in a bid to steal crypto, data or ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what happened and what it means.