Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...

TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

UPS announced at the recent Modex conference in Atlanta the expansion of RFID-based package sensing across its entire network. While UPS claims it is the first rollout of RFID sensing across an entire ...

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...

UPS is going all in on RFID. The logistics giant has invested more than $100 million in projects to roll out the technology across its network, the company revealed on Tuesday. “With RFID embedded ...

Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...

Security companies flagged [email protected] and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...

TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the TeamPCP threat ...

Amazon is planning to cut its package delivery volumes with the U.S. Postal Service by at least two-thirds by September, as the e-commerce giant pulls back on one of its largest partnerships.