Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...

The Raspberry Pi 5 is several times faster than previous models of the compact and cheap computer. For less than a couple hundred bucks, you can have a computer that can do many tasks that previously ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...