CI/CD security
Cybersecurity & Risk
Open-Source Dependencies on Trial: What Algerian Dev Teams Should Do After the npm Supply Chain Wave of 2026
⚡ Key Takeaways: On May 11, 2026, TeamPCP compromised 317 npm packages within 26 minutes using a GitHub Actions cache...
Mini Shai-Hulud: How 20 Minutes Poisoned 317 npm Packages and What It Means for Open-Source Trust
⚡ Key Takeaways: On May 11, 2026, TeamPCP’s mini-Shai-Hulud campaign compromised 317 npm packages in 26 minutes by exploiting a...
TeamPCP’s 317-Package Attack: How Open-Source Supply Chains Break in 20 Minutes
⚡ Key Takeaways: In May 2026, threat group TeamPCP released 630+ malicious versions across 317 npm packages in 20 minutes...
TanStack Attack: How SLSA Provenance Was Weaponised Against the CI/CD Trust Chain
⚡ Key Takeaways: May 11, 2026: TeamPCP stole GitHub Actions OIDC tokens via cache poisoning, publishing 84 malicious @tanstack npm...
Quasar Linux RAT: How Stolen Developer Credentials Fuel Software Supply Chain Attacks
⚡ Key Takeaways: Trend Micro researchers documented QLNX (Quasar Linux RAT), a sophisticated Linux implant that targets developer workstations to...
AI Tools as Attack Vectors: Supply Chain Threats Targeting Enterprise Dev in 2026
⚡ Key Takeaways: TeamPCP compromised 4 official SAP npm packages on April 29, 2026 — 570,000 weekly downloads affected, 1,100+...
Axios + Bitwarden + pgserve: The April 2026 npm Worm Spree and What CI/CD Teams Must Lock Down Now
⚡ Key Takeaways: Three coordinated supply-chain campaigns hit npm, PyPI, and Docker Hub between April 21-23, 2026 — the self-propagating...