On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Supply chain attacks feel like they're becoming more and more common.

Bura, A.H. and Mung’onya, E.M. (2026) A Novel ICT-Enabled Decision Support Approach for Surveillance and Control of ...

From STEM classrooms to early-stage startups, the LiteWing Drone has found its way into the hands of students, makers, and engineers alike. Our goal with Litewing was to build this very same ecosystem ...

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...