IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

Anthropic leaked 512,000 lines of Claude Code source via npm, its second security lapse in days as the $350B startup eyes a ...

Anthropic is trying to remove details about its coding agent from GitHub, but programmers are converting the code into ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Truelist releases 20+ free, open-source SDKs and framework integrations for email validation — Node, Python, React, ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

Supply chain attacks feel like they're becoming more and more common.