Supply chain attacks feel like they're becoming more and more common.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Karpathy proposes something simpler and more loosely, messily elegant than the typical enterprise solution of a vector ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Currently, AI is certainly creating more work for its users, requiring time to prepare context and check outcomes. Claude ...

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

While previous embedding models were largely restricted to text, this new model natively integrates text, images, video, audio, and documents into a single numerical space — reducing latency by as muc ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...