Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Every developer has a setup ritual before they start their day. Mine went unquestioned for almost two years – they were four terminal commands, typed in the same order every morning. It didn't feel ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...