Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

The Raspberry Pi 5 is several times faster than previous models of the compact and cheap computer. For less than a couple hundred bucks, you can have a computer that can do many tasks that previously ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...