Renovate & Dependabot: The New Malware Delivery System
Supply chain attacks every other morning. Unless you’ve lived under a rock for the last few months, you probably noticed...
Introduction: There was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain...
Recent supply chain attacks have highlighted an urgent need for organizations to shift from a reactive security posture to...
Ravie Lakshmanan, Apr 03, 2026. Threat Intelligence / Malware. The maintainer of the Axios npm package has confirmed that the supply chain compromise...
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069. Pierluigi Paganini, April 01, 2026. Google links the...
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean...
A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used...
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the...
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python...
The PCP Team's supply chain attacks compromised two critical components of the development ecosystem: AquaSecurity's trivy-action and the Python...
The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and...
Malicious LiteLLM versions linked to TeamPCP supply chain attack. Pierluigi Paganini, March 25, 2026. TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...
The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond. On March 19, 2026, a threat actor known...
44 Aqua Security repositories defaced after Trivy supply chain breach. Pierluigi Paganini, March 23, 2026. Malicious Trivy images on Docker...
AppOmni Labs explains how this SaaS supply chain attack occurred and how to guard your entire SaaS ecosystem against...