GitHub has just announced the availability of custom images for its hosted runners. They've finally left the public preview ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Supply chain attacks feel like they're becoming more and more common.

Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected ...

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...

Sigrid Jin woke up to chaos and shipped "Claw Code" by breakfast. Here's everything it taught the world.

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...