Dark ReadingOpinion

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
The Hacker News

The State of Trusted Open Source Report

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Dark Reading

The Forgotten Endpoint: Security Risks of Dormant Devices

The forgotten endpoint problem isn't a sophisticated supply chain attack or a novel vulnerability. It's basic blocking and ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Security Info Watch

Opal Security Launches AI-Native Platform for Unified Access Governance

Opal Security unveils an AI-native platform designed to automate and unify access governance as organizations grapple with ...
SecurityWeek

RSAC 2026 Conference Announcements Summary (Pre-Event)

A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference. As hundreds of vendors ...
SDxCentral

Google Vertex agentic flaw latest chink in hyperscale AI armor

The stolen credentials also granted access to the Google Cloud storage buckets within the tenant project in which a Vertex ...

Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss

RSAC 2026 The now-infamous Anthropic report about Chinese cyberspies abusing Claude AI to automate cyberattacks was a ...
CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...