Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

The incident has been described as one of the most significant code leaks in recent times, involving the exposure of Claude ...

After the supply chain attack on LiteLLM, attackers were able to access internal Cisco data, it is said. Source code from ...