The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

China will set up a sweeping new mechanism to ensure the security of its supply chains, targeting espionage and allowing Beijing to retaliate against foreign entities if they impose curbs on trade, ...

Abstract: The software supply chain has become a critical attack vector for adversaries aiming to infiltrate software development workflows by injecting malicious code into third-party packages and ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack "software horror"—and the details are genuinely alarming. A compromised version of LiteLLM ...

The US has officially deemed artificial intelligence (AI) firm Anthropic a supply chain risk, setting the stage for an unprecedented legal fight. The Pentagon's designation is the first time a US ...

Defense Secretary Pete Hegseth deemed artificial intelligence firm Anthropic a "supply chain risk to national security" on Friday, following days of increasingly heated public conflict over the ...