OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship terminal-based AI coding agent) through a 59.8 MB JavaScript source map (.map) file ...

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

Last week, something alarming happened in the world of software — and almost nobody outside the tech industry noticed. A ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour ...

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...