A widespread AI-assisted campaign promoting an OpenClaw Docker deployer package is spreading more than 300 Trojanized GitHub packages targeting developers and gamers alike with a data-stealing Trojan.

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Nvidia today announced the world’s first family of open-source quantum AI models, named NVIDIA Ising. Instead of competing with the chatbots on your phone, these models are designed to act as the ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

Anthropic's AI coding assistant's source code leaked, prompting swift copyright takedowns on GitHub. However, one engineer ...