open source security
Cybersecurity & Risk
Mini Shai-Hulud: 630 Poisoned npm Packages in 20 Minutes — The Defense Checklist
⚡ Key Takeaways: The Mini Shai-Hulud campaign deployed over 630 malicious npm package versions across 317 packages in approximately 20...
Cybersecurity & Risk
GitHub Breach via Poisoned VS Code Extension: Developer Supply Chain Security Lessons
⚡ Key Takeaways: In May 2026, hacking group TeamPCP compromised a GitHub employee’s device through a poisoned VS Code extension,...
Cybersecurity & Risk
Open-Source Dependencies on Trial: What Algerian Dev Teams Should Do After the npm Supply Chain Wave of 2026
⚡ Key Takeaways: On May 11, 2026, TeamPCP compromised 317 npm packages within 26 minutes using a GitHub Actions cache...
Cybersecurity & Risk
Mini Shai-Hulud: How 20 Minutes Poisoned 317 npm Packages and What It Means for Open-Source Trust
⚡ Key Takeaways: On May 11, 2026, TeamPCP’s mini-Shai-Hulud campaign compromised 317 npm packages in 26 minutes by exploiting a...
Cybersecurity & Risk
TeamPCP’s 317-Package Attack: How Open-Source Supply Chains Break in 20 Minutes
⚡ Key Takeaways: In May 2026, threat group TeamPCP released 630+ malicious versions across 317 npm packages in 20 minutes...
Cybersecurity & Risk
TanStack Attack: How SLSA Provenance Was Weaponised Against the CI/CD Trust Chain
⚡ Key Takeaways: May 11, 2026: TeamPCP stole GitHub Actions OIDC tokens via cache poisoning, publishing 84 malicious @tanstack npm...
Cybersecurity & Risk
Open Source Under Attack: 1.2 Million Malicious Packages and the Enterprise Defense Playbook
⚡ Key Takeaways: Sonatype’s 2026 State of the Software Supply Chain Report identified 454,600 new malicious open source packages in...
Cybersecurity & Risk
Supply Chain Attacks: Developer Hygiene Playbook for Algerian Tech Teams
⚡ Key Takeaways: Five major open-source supply chain attacks hit in March 2026, including trojanized LiteLLM (3.4 million daily downloads)...
Cybersecurity & Risk
The Axios RAT: How a Compromised npm Account Backdoored 100 Million Downloads
⚡ Key Takeaways: On March 30–31, 2026, attackers linked to UNC1069 — a DPRK-aligned threat cluster tracked by Google/Mandiant —...
Cybersecurity & Risk
Software Supply Chain Security in Algeria: Five Practices the Trivy Breach Makes Urgent
⚡ Key Takeaways: The March 2026 Trivy supply chain attack (CVE-2026-33634, CVSS 9.4) compromised over 1,000 SaaS environments and exfiltrated...
Cybersecurity & Risk
EU CRA: The Cyber Resilience Act Enters Its Critical Phase
The EU Cyber Resilience Act activates mandatory vulnerability reporting in September 2026 and full compliance by December 2027. Complete guide inside.