Supply chain attacks feel like they're becoming more and more common.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Google just rolled up with the bellhop. In case you missed it, Google's new "switching tools" let you paste a one-shot Memory ...

Miley Cyrus delivered a high-glam performance look during the “Hannah Montana 20th Anniversary Special”, pairing a custom ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

Students graduating in today’s labor market are facing a reality that no previous generation has faced: a job market where ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...