TeamPCP's supply chain attack infected 170+ npm and PyPI packages like TanStack. Learn how the Mini Shai-Hulud worm bypasses SLSA and how to stop its wiper.
Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.
New cybersecurity research uncovers how AI coding assistants like Cursor and GitHub Copilot and CI/CD agents are being exploited for data theft and remote code execution. Learn the details behind ‘IDEsaster’ and ‘PromptPwnd,’ plus essential steps to secure your development environment.