supply chain attack
Cybersecurity & Risk
GitHub Breach via Poisoned VS Code Extension: Developer Supply Chain Security Lessons
⚡ Key Takeaways In May 2026, hacking group TeamPCP compromised a GitHub employee’s device through a poisoned VS Code extension,...
Cybersecurity & Risk
TeamPCP’s 317-Package Attack: How Open-Source Supply Chains Break in 20 Minutes
⚡ Key Takeaways In May 2026, threat group TeamPCP released 630+ malicious versions across 317 npm packages in 20 minutes...
Cybersecurity & Risk
Supply Chain Breached: Grafana Hack and VS Code Malware Target Developers in 2026
⚡ Key Takeaways On May 18, 2026, the Nx Console VS Code extension (2.2 million installs) was compromised with a...
Cybersecurity & Risk
Quasar Linux RAT: How Stolen Developer Credentials Fuel Software Supply Chain Attacks
⚡ Key Takeaways Trend Micro researchers documented QLNX (Quasar Linux RAT), a sophisticated Linux implant that targets developer workstations to...
Cybersecurity & Risk
DAEMON Tools Supply Chain Attack: How Trojanized Installers Hit Manufacturing and Government
⚡ Key Takeaways Trojanized DAEMON Tools Lite installers (versions 12.5.0.2421–12.5.0.2434) were distributed from April 8, 2026, reaching thousands of machines...
Cybersecurity & Risk
AI Tools as Attack Vectors: Supply Chain Threats Targeting Enterprise Dev in 2026
⚡ Key Takeaways TeamPCP compromised 4 official SAP npm packages on April 29, 2026 — 570,000 weekly downloads affected, 1,100+...
Cybersecurity & Risk
Algeria’s Oil Services Sector: Why EPC Contractors Are the Next Cyber Weak Link
⚡ Key Takeaways Ransomware attacks targeting the oil and gas sector surged 935% between 2023 and 2025 as attackers discovered...
Cybersecurity & Risk
IBM X-Force 2026: AI-Driven Attacks and Credential Theft Reshape the Threat Landscape
⚡ Key Takeaways The IBM X-Force 2026 Threat Intelligence Index found vulnerability exploitation became the leading attack entry point in...
Cybersecurity & Risk
IBM X-Force 2026: AI-Driven Attacks and Credential Theft Reshape the Threat Landscape
⚡ Key Takeaways The IBM X-Force 2026 Threat Intelligence Index found vulnerability exploitation became the leading attack entry point in...
Cybersecurity & Risk
The Axios RAT: How a Compromised npm Account Backdoored 100 Million Downloads
⚡ Key Takeaways On March 30–31, 2026, attackers linked to UNC1069 — a DPRK-aligned threat cluster tracked by Google/Mandiant —...
Cybersecurity & Risk
Axios + Bitwarden + pgserve: The April 2026 npm Worm Spree and What CI/CD Teams Must Lock Down Now
⚡ Key Takeaways Three coordinated supply-chain campaigns hit npm, PyPI, and Docker Hub between April 21-23, 2026 — the self-propagating...
