Supply chain attacks feel like they're becoming more and more common.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Once Infiniti Stealer is installed on a device, it will attempt to steal data from the victim's Mac and upload that ...

OpenAI’s new ChatGPT file library makes saved files easier to reuse, but deleting a chat no longer deletes the files inside ...

Your old laptop is about to outwork that overpriced NAS box ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a ...

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...