Every developer has a setup ritual before they start their day. Mine went unquestioned for almost two years – they were four terminal commands, typed in the same order every morning. It didn't feel ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

TeamPCP strikes again, with almost identical code to LiteLLM.

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

If you're paying for software features you're not even using, consider scripting them.

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, ...