RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security RubyGems, the standard package manager for the Ruby programming language, has...
attack
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and...
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin...
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Ravie LakshmananMay 11, 2026Supply Chain Attack / Threat Intelligence A malicious Hugging Face repository managed to take a spot in...
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and...
Rowhammer Attack Against NVIDIA Chips
Rowhammer Attack Against NVIDIA Chips A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams,...
1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM,...
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
Ravie LakshmananMay 01, 2026Supply Chain Attack / Malware A new software supply chain attack campaign has been observed using sleeper...
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to...
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack...
Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS
The post Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS appeared first on Business Insights. As...
Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS
The post Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS appeared first on Business Insights. As...
The Attack Runs Itself: What Agentic AI Fraud Actually Looks Like
The post The Attack Runs Itself: What Agentic AI Fraud Actually Looks Like appeared first on Arkose Labs. This is...
Identity Protection in the AI Era
Identity has become the primary attack surface in modern enterprises. As organizations expand across cloud platforms, SaaS ecosystems, and distributed...
GitHub Actions Supply Chain Attack: Trivy Breach & Workflow
The post GitHub Actions Supply Chain Attack: Trivy Breach & Workflow appeared first on Grip Security Blog. Since the end...
