On Sunday morning, someone pushed 404 malicious package versions to npm and PyPI in under five hours.
Every npm install you ran this morning depended on infrastructure that's losing money.
Ox Security dropped a report on April 15 calling it "the mother of all AI supply chains."
Epoch AI published a manufacturing teardown of NVIDIA's B200 last month.
Sometime in February, a developer at Context.ai — an AI productivity startup — downloaded something they shouldn't have.
Five days ago, Vercel confirmed that attackers accessed customer environment variables through a breach that didn't start at Vercel at all.
A security researcher typed a malicious instruction into a GitHub pull request title.
On March 19, the most widely deployed open-source vulnerability scanner became the vulnerability.
When Bloomberg reported Sunday that Google is in active talks with Marvell Technology to co-develop two new custom AI chips, Marvell stock popped and Broadcom...
When Aqua Security disclosed the Trivy compromise on March 19, most teams treated it as a contained incident. Rotate the secrets, pin to a safe commit, move on.
Everyone noticed when Axios got backdoored on March 31st.
We spent three years panicking about GPU availability.
Twelve months ago, if you asked an ML platform team what kept them up at night, the answer was GPU availability.
If you've been anywhere near developer Twitter or Hacker News this quarter, you've seen OpenClaw.
From One Stolen Token to 50 Compromised Packages: Anatomy of the TeamPCP Supply Chain Attack
It started with a pull_request_target misconfiguration in a...