The Silent Worm: TeamPCP Hijacks TanStack in "Mini Shai-Hulud" Attack
TeamPCP's supply chain attack infected 170+ npm and PyPI packages like TanStack. Learn how the Mini Shai-Hulud worm bypasses SLSA and how to stop its wiper.
A massive supply chain attack has hit the popular npm package Axios. Versions 1.14.1 and 0.30.4 deploy a stealthy Remote Access Trojan (RAT) via a fake dependency. Learn how to detect and remediate this critical threat.
TeamPCP strikes again. The popular Python package litellm (versions 1.82.7 and 1.82.8) was compromised on PyPI, deploying a credential harvester and Kubernetes backdoor.
Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.
The worm has returned. Shai-Hulud 2.0 has compromised 25,000+ malicious repos across ~350 GitHub users by weaponizing the developers themselves. Discover how this recursive supply chain attack works and how to sanitize your registry.
Discover AI Slopsquatting, the new supply chain attack where AI code assistants hallucinate malicious packages, tricking developers into installing malware.
Master MCP security threats: RCE, injection attacks, malicious dependencies & data poisoning. Complete defense-in-depth guide for securing AI agents and preventing supply chain attacks.
A massive supply chain risk lurks in the VS Code Marketplace. Learn how attackers use typosquatting to impersonate popular extensions and install malware directly into your IDE.
Anatomy of the mass NPM hijack that breached the internet's core. This CISO's guide details the attack, its impact, and the immediate action plan you must execute now.
A major supply chain attack via Salesloft and Drift has breached top companies. This guide walks you through the threat, the impact on Salesforce, and the immediate action plan you need.