Supply chain attacks feel like they're becoming more and more common.

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

JFrog reports Telnyx PyPI package was poisoned with malware by TeamPCP Malicious update delivered hidden .wav payload that ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to ...