Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Build Application Firewalls (BAFs) are emerging as a new defense against software supply chain attacks by inspecting ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Morning Overview on MSN
Supply chain attacks surge in May 2026 as AI-assisted threats hit smaller teams for the first time
When NIST quietly moved thousands of older software vulnerability records into a deprioritized queue in April 2026, it solved ...
Threat intelligence firm Cyble said such attacks occurred, on average, nearly 13 times per month last year, from February through September 2024. Starting in October, they surged to nearly 16 per ...
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain ...
The DragonForce ransomware gang attacked a managed service provider's (MSP) remote monitoring and management (RMM) tool in order to conduct a supply chain attack. This news comes from Sophos, which ...
The recent Shai Hulud 2.0 incident was initially described as an “npm worm” and a “GitHub repository attack.” That framing missed the point. When you look at what actually left victims' environments, ...
A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results