With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Zero Cost 40 req/min free on NVIDIA NIM. Free models on OpenRouter. Fully local with LM Studio ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

Learn how to protect Model Context Protocol (MCP) from quantum-enabled adversarial attacks using automated threat detection ...