CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Sigrid Jin woke up to chaos and shipped "Claw Code" by breakfast. Here's everything it taught the world.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Anthropic’s leak of proprietary Claude Code sparked the developer community to group around “claw-code,” the fastest-growing ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

A routine software update for Anthropic's Claude Code tool accidentally leaked its entire source code, sparking rapid community response. Within hours, a developer rewrote the tool in Python and then ...

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked maintainer account is behind the ...

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and ...

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of ...