Supply chain attacks feel like they're becoming more and more common.

Overview NumPy and Pandas form the core of data science workflows. Matplotlib and Seaborn allow users to turn raw data into ...

The Chicago Urban Heritage Project​ is filling in blanks for the history of entire neighborhoods and Chicago as a whole, ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Google just rolled up with the bellhop. In case you missed it, Google's new "switching tools" let you paste a one-shot Memory ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

The attackers swapped the account's email address for an anonymous ProtonMail inbox and pushed the infected packages manually ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...