npm
Cybersecurity & Risk
TeamPCP’s 317-Package Attack: How Open-Source Supply Chains Break in 20 Minutes
⚡ Key Takeaways In May 2026, threat group TeamPCP released 630+ malicious versions across 317 npm packages in 20 minutes...
Cybersecurity & Risk
TanStack Attack: How SLSA Provenance Was Weaponised Against the CI/CD Trust Chain
⚡ Key Takeaways May 11, 2026: TeamPCP stole GitHub Actions OIDC tokens via cache poisoning, publishing 84 malicious @tanstack npm...
Cybersecurity & Risk
Open Source Under Attack: 1.2 Million Malicious Packages and the Enterprise Defense Playbook
⚡ Key Takeaways Sonatype’s 2026 State of the Software Supply Chain Report identified 454,600 new malicious open source packages in...
Cybersecurity & Risk
Quasar Linux RAT: How Stolen Developer Credentials Fuel Software Supply Chain Attacks
⚡ Key Takeaways Trend Micro researchers documented QLNX (Quasar Linux RAT), a sophisticated Linux implant that targets developer workstations to...
Cybersecurity & Risk
AI Tools as Attack Vectors: Supply Chain Threats Targeting Enterprise Dev in 2026
⚡ Key Takeaways TeamPCP compromised 4 official SAP npm packages on April 29, 2026 — 570,000 weekly downloads affected, 1,100+...
Cybersecurity & Risk
Dependency Security for Algerian Developers: Lessons from the Axios npm Compromise
⚡ Key Takeaways In March 2026, attackers attributed to North Korean group UNC1069 backdoored Axios — JavaScript’s most downloaded npm...
Cybersecurity & Risk
The Axios RAT: How a Compromised npm Account Backdoored 100 Million Downloads
⚡ Key Takeaways On March 30–31, 2026, attackers linked to UNC1069 — a DPRK-aligned threat cluster tracked by Google/Mandiant —...
Cybersecurity & Risk
Axios + Bitwarden + pgserve: The April 2026 npm Worm Spree and What CI/CD Teams Must Lock Down Now
⚡ Key Takeaways Three coordinated supply-chain campaigns hit npm, PyPI, and Docker Hub between April 21–23, 2026 — the self-propagating...