10 articles and related resources
Vect and TeamPCP's alliance marks a new era in ransomware, combining credential theft with advanced deployment for industrialized attacks.
The recent GitHub breach underscores the critical vulnerability of developer devices in the software supply chain, highlighting the need for enhanced security m
The Mini Shai-Hulud attack in May 2026 compromised npm and PyPI packages, highlighting the need for robust software supply chain security measures.
The UK's NCSC warns of a surge in software supply chain attacks targeting open source dependencies, urging organizations to strengthen their security practices.
The NCSC warns of escalating software supply chain attacks exploiting open source dependencies, urging organizations to enhance security measures.
A 42-line npm package was exploited to infiltrate multiple production environments, highlighting critical supply chain vulnerabilities.
The 'Mini Shai-Hulud' campaign compromised Mistral AI and Tan ... , exposing sensitive credentials and highlighting software supply chain vulnerabilities.
In March 2026, TeamPCP executed a sophisticated supply chain attack compromising cloud-native security tools, leading to widespread credential theft and unautho
Notepad++'s update infrastructure was compromised in a sophisticated supply chain attack, potentially exposing millions of users to malicious software.
Recent research reveals critical vulnerabilities in CocoaPods, exposing numerous iOS apps to potential supply chain attacks through dependency hijacking.
On March 31, 2026, North Korean hackers compromised the Axios npm package, highlighting critical vulnerabilities in the software supply chain.
On March 31, 2026, the widely-used JavaScript library Axios was compromised in a supply chain attack, leading to the publication of malicious versions containin
The widely-used Axios npm package was compromised in a significant supply chain attack, affecting millions of applications and exposing sensitive data.
Researchers unveil 'Java-Class-Hijack,' a novel supply chain attack exploiting Java's dependency resolution and classloading, posing significant risks to applic
CISA issues an urgent advisory on the Shai-Hulud npm supply chain attack, compromising over 500 packages and urging immediate dependency reviews.
State-sponsored hackers compromised Notepad++'s update mechanism, delivering malicious payloads to targeted users in East Asia's telecom and financial sectors.