Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
Unlike Nvidia's earlier Grace processors, which were primarily sold as companions to GPUs, Vera is positioned as a general-purpose data center CPU with a strong focus ...
Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results