Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

Anthropic, the flagship AI company, has inadvertently exposed the source code for its major CLI tool Claude Code. It has ...

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

AI recruiting startup Mercor confirms supply chain attack via LiteLLM library compromise. Hackers claim 4TB of data including ...

The incident has been described as one of the most significant code leaks in recent times, involving the exposure of Claude ...

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for ...

AtlasCross RAT spreads via 11 fake domains registered October 27, 2025, enabling encrypted C2 control and persistence.

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

Anthropic is trying to remove details about its coding agent from GitHub, but programmers are converting the code into ...