Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the...
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python...
The PCP Team's supply chain attacks compromised two critical components of the development ecosystem: AquaSecurity's trivy-action and the Python...
The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and...
Malicious LiteLLM versions linked to TeamPCP supply chain attack | Pierluigi Paganini | March 25, 2026 | TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...
The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond | On March 19, 2026, a threat actor known...
44 Aqua Security repositories defaced after Trivy supply chain breach | Pierluigi Paganini | March 23, 2026 | Malicious Trivy images on Docker...
AppOmni Labs explains how this SaaS supply chain attack occurred and how to guard your entire SaaS ecosystem against...
Ravie Lakshmanan | Mar 21, 2026 | Malware / Threat Intelligence | The threat actors behind the supply chain attack targeting the popular Trivy scanner...
Ravie Lakshmanan | Mar 02, 2026 | Supply Chain Attack / Malware | Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview...
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster...
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily...
The Hacker News | Feb 13, 2026 | Supply Chain Security / DevSecOps | In December 2025, in response to the Sha1-Hulud incident, npm completed...
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index...
Ravie Lakshmanan | Feb 04, 2026 | Supply Chain Security / Secure Coding | The Eclipse Foundation, which maintains the Open VSX Registry, has announced...