Supply Chain Attack

(10 articles)

Anthropic MCP Flaw Enables RCE and AI Supply Chain Risk

April 20, 2026

A design vulnerability in Anthropic's MCP protocol enables remote code execution, putting AI supply chains at serious risk. Here's what developers need to know.

Taboola Routes Banking Sessions to Temu: What's at Risk

April 16, 2026

Taboola's ad scripts are routing logged-in banking session data to Temu servers. Here's what developers need to know and how to stop it now.

WordPress EssentialPlugin Suite Hacked to Push Malware

April 15, 2026

30+ WordPress plugins in the EssentialPlugin package were backdoored to push malware via updates. Here's what happened and how to protect your site.

108 Malicious Chrome Extensions Steal User Data

April 14, 2026

108 malicious Chrome extensions were caught stealing Google and Telegram credentials from 20,000 users. Here's how they work and how to protect yourself.

OpenAI Revokes macOS Certificate After Supply Chain Attack

April 13, 2026

OpenAI revoked its macOS app certificate after a malicious Axios supply chain incident exposed users to tampered builds. Here's what developers need to know.

LiteLLM Flaw Turns Dev Machines Into Credential Vaults

April 6, 2026

A critical LiteLLM vulnerability exposed developer machines as credential vaults for attackers. Learn how it works and how to protect your AI toolchain now.

CERT-EU: European Commission Hack Exposes Data of 30 EU Entities

April 3, 2026

TeamPCP breached the European Commission's AWS environment using a stolen API key, exposing data from 30+ EU entities. Here's how it happened and what devs must do.

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

April 1, 2026

Google links the Axios npm supply chain attack to North Korean threat group UNC1069. Here's what happened and how developers can protect their code.

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

March 31, 2026

A compromised npm account pushed a cross-platform RAT through the Axios package. Here's what happened and how developers can protect their supply chain.

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

March 24, 2026

TeamPCP compromised Checkmarx GitHub Actions pipelines using stolen CI credentials - here is what happened and how to lock down your own pipelines.