npm Resets Tokens After “Mini Shai-Hulud” Supply Chain Attack
A large-scale software supply chain attack has forced npm to take unprecedented action, resetting thousands of …
npm
Gamifying Chaos: TeamPCP and BreachForums Launch Supply Chain Attack Contest
In a disturbing shift for global software security, the cybercrime group TeamPCP and the operators of …
Worm Alert: SAP npm Packages Weaponized to Steal Cloud and AI Secrets
A sophisticated supply chain attack has targeted the SAP developer ecosystem, hijacking official npm packages to …
Brand-Squatting Alert: Fake “tanstack” npm Package Steals Developer Secrets
In the world of JavaScript development, TanStack (Query, Table, Router) is a gold standard. However, a …
The Shai-Hulud Worm: Bitwarden CLI Compromise Exposes Cloud Secrets
On April 22, 2026, the software supply chain faced a surgical strike. Between 5:57 PM and …