supply-chain

31 pieces of writing

security · 14 min read

Checkmarx KICS, npm Bitwarden CLI and GlassWorm show developer trust is the supply chain target

Checkmarx KICS, npm Bitwarden CLI packages and GlassWorm show how supply chain compromise has moved from poisoned code to weaponised developer trust.

security · 10 min read

Vercel breached through a compromised Context.ai OAuth grant

security · 9 min read

From tj-actions to LiteLLM to MCP: supply chain compromise now operates at infrastructure scale

security · 9 min read

NPM worms, credential harvesting and 2 billion weekly downloads: supply-chain attacks have professionalised

Supply-chain compromise is no longer opportunistic. Self-replicating NPM worms, coordinated developer phishing and credential-harvesting pipelines show an attack class that has industrialised faster than the defences meant to contain it.

security · 10 min read

Anthropic shipped its entire source code to npm and the internet kept it forever

security · 12 min read

Environment variables are the new command line: how AI agents keep leaking secrets through configuration files

security · 9 min read

TeamPCP compromised the AI proxy that holds everyone's API keys

LiteLLM, the universal LLM proxy with 95 million monthly downloads, was backdoored on PyPI for 46 minutes. It was enough.

security · 12 min read

Git tags, package registries and extension marketplaces share the same broken authentication model

security · 7 min read

Hermes Agent's worktree feature copied arbitrary files from your filesystem

security · 11 min read

Prompt injection turned MCP-connected code assistants into attack proxies

Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.

security · 12 min read

MCP gave AI tools a standard interface. Researchers found it was also an attack surface.

security · 8 min read

UNC5221 stole F5 source code and its customer list

security · 7 min read

Basic ransomware hit one airport software vendor and grounded five European airports overnight

A piece of ransomware described as 'incredibly basic' hit a single software platform and grounded five European airports overnight. The problem wasn't the malware - it was the architecture.

security · 6 min read

When a GitHub Action rewrites its own history
