Axios npm packages backdoored in supply chain attack
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages...
Supply Chain
20 articles
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious depend...
PwC: Identity compromise a supply chain for attackers
PwC's "Cyber threats in motion" report warns that AI is giving attackers added sophistication, speed, and scale, but identity remains the fulcrum of entry, a...
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPC...
The Good, the Bad and the Ugly in Cybersecurity – Week 13
Alleged RedLine operator faces 30 years, FAUX#ELEVATE compromises enterprises in 30 seconds, and TeamPCP launches cascading supply chain attacks.
New Context Hub service potentially exploitable in AI supply chain attacks
AI coding agents could be injected with nefarious instructions, resulting in potential supply chain compromise, through a new proof-of-concept attack against...
Your facilities run on fragile supply chains and nobody wants to admit it
In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building...
FCC bans foreign-made routers in bid to secure supply chain
Security pros OK with FCC’s move to ban foreign routers, but say the real risk lies with unmanaged identities.
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can pr...
AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link
PwC finds AI is amplifying speed and scale of attacks, as identity theft evolves into a cybercriminal supply chain. The post AI Speeds Attacks, But Identity ...
Paid AI Accounts Are Now a Hot Underground Commodity
AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and ...
2026 SC Award winner Black Duck — Best Supply Chain Security Solution
Black Duck earns honor for delivering visibility at scale.
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose t...
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
The U.S.
FCC Blocks New Foreign Consumer Router Models Citing Serious Security Risks
On March 23, 2026, the Federal Communications Commission (FCC) officially updated its Covered List to ban all new consumer-grade routers produced in foreign ...
Understanding Wiz’s Approach to Securing the AI Supply Chain
As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which ...
Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty
The choice to ban all foreign-made routers instead of targeting known risks could create legal and supply chain disruptions with unclear national security re...
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload.
From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise
MCP Servers Are the New Shadow IT for AI
Key Takeaways MCP servers are becoming the default wiring between AI agents and enterprise applications — but most organizations have zero visibility into wh...