A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

AI recruiting startup Mercor confirms supply chain attack via LiteLLM library compromise. Hackers claim 4TB of data including ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

TeamPCP strikes again, with almost identical code to LiteLLM.

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Engineers from OLX reported that a single-line modification to dependency requirements allows developers to exclude unnecessary GPU libraries, shrinking contain ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...