TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. The compromise was claimed by the TeamPCP ...
The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...
Zaid Al Hamani, CEO and Founder of Boost Security, is a cybersecurity and DevSecOps leader with over two decades of ...
CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
Morning Overview on MSN
Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain
In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Build Application Firewalls (BAFs) are emerging as a new defense against software supply chain attacks by inspecting ...
TeamPCP compromised a Checkmarx Jenkins plugin in 2026, exposing supply chain security gaps and credential risks.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results