Supply Chain

2 minute read

Hackers Poison Axios npm Package with 100 Million Weekly Downloads

Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.

byDeeba Ahmed

March 31, 2026

2 minute read

TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials

Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials.

byDeeba Ahmed

March 30, 2026

3 minute read

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.

byDeeba Ahmed

March 25, 2026

7 minute read

Understanding Wiz’s Approach to Securing the AI Supply Chain

As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which can be addressed by Wiz’s CNAPP solution.

byWaqas

March 24, 2026

How 2 Missing Characters Nearly Compromised AWS

2 minute read

Security

How 2 Missing Characters Nearly Compromised AWS

A supply chain vulnerability in AWS CodeBuild recently put the entire AWS Console at risk. Learn how Wiz Research found the flaw and how Amazon responded to prevent a global security crisis.

byDeeba Ahmed

January 16, 2026

2 minute read

AIPAC Discloses Data Breach, Says Hundreds Affected

AIPAC reports data breach after external system access, hundreds affected, investigation ongoing with added security steps.

byWaqas

November 17, 2025

3 minute read

Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)

Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.

byDeeba Ahmed

November 11, 2025

Why Organizations Can’t Ignore Vendor Risk Assessment in Today’s Cyber-Threat Landscape

4 minute read

Security

Why Organizations Can’t Ignore Vendor Risk Assessment in Today’s Cyber-Threat Landscape

In an era where digital ecosystems extend far beyond a company’s internal network, enterprise cybersecurity is no longer…

byOwais Sultan

November 10, 2025

Severe React Native Flaw Exposes Developer Systems to Remote Attacks

2 minute read

Security

Severe React Native Flaw Exposes Developer Systems to Remote Attacks

JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw.

byDeeba Ahmed

November 5, 2025

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

2 minute read

Security

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.

byWaqas

September 6, 2025

The Latest

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

Threat Intel Scraping Without Burning Your Cover or Your Stack

Grinex crypto exchange shuts down, blames Western agencies for $13.7M breach

Supply Chain

Hackers Poison Axios npm Package with 100 Million Weekly Downloads

TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Understanding Wiz’s Approach to Securing the AI Supply Chain

How 2 Missing Characters Nearly Compromised AWS

AIPAC Discloses Data Breach, Says Hundreds Affected

Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)

Why Organizations Can’t Ignore Vendor Risk Assessment in Today’s Cyber-Threat Landscape

Severe React Native Flaw Exposes Developer Systems to Remote Attacks

GhostAction Attack Steals 3,325 Secrets from GitHub Projects

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

Security Risk Advisors Purple Team Participants Can Now Earn CPE Credits

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

AI Future: The Leading International AI and Web3 Forum to Take Place in April