Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

The key difference between inversion of control and dependency injection is that inversion of control requires the use of an external framework to manage resources, while dependency injection provides ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Over 1,800 developers were likely infected in the Mini Shai-Hulud supply chain attack that hit SAP, Lightning, and Intercom ...

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary advises an immediate update. An attacker uploaded a manipulated version 0.23.3 ...

Since acquiring rare disease specialist Horizon Therapeutics in 2023 for $27.8 billion, Amgen has had difficulty boosting sales for the top product gained in the buyout, thyroid eye disease (TED) ...