After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

The incident has been described as one of the most significant code leaks in recent times, involving the exposure of Claude ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

A critical security vulnerability in Langflow allows attackers to push and execute malicious code on PCs. A security patch is ...

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...