TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...
GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
OpenAI was hit by a supply chain attack involving hackers publishing a malicious version of TanStack software used for web development.
WASHINGTON (Reuters) - Microsoft has issued an alert about "active attacks" on server software used by government agencies and businesses to share documents within organizations, and recommended ...
TeamPCP is an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of ...
The AI governance gap is real - and it's coming at a high cost to enterprise organizations. The JFrog 2026 Software Supply Chain Security report shows a 451% surge in malicious npm packages, AI agent ...
Malicious campaigns targeting code used by developers of AI applications underscore the need to develop comprehensive risk-based programs around software dependencies and components. Widespread flaws ...
Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...
Software supply chain attacks have become one of the most difficult risks for security leaders to anticipate. Recent incidents have shown how quickly trust can be eroded when a single software ...