supply-chain

19 pieces of writing

TeamPCP compromised the AI proxy that holds everyone's API keys

LiteLLM, the universal LLM proxy with 95 million monthly downloads, was backdoored on PyPI for 46 minutes. It was enough.

25 March 2026

security12 min read

Git tags, package registries and extension marketplaces share the same broken authentication model

24 March 2026

security7 min read

Hermes Agent's worktree feature copied arbitrary files from your filesystem

19 March 2026

security11 min read

Prompt injection turned MCP-connected code assistants into attack proxies

Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.

10 March 2026

security12 min read

MCP gave AI tools a standard interface. Researchers found it was also an attack surface.

10 February 2026

security8 min read

UNC5221 stole F5 source code and its customer list

20 October 2025

security7 min read

Basic ransomware hit one airport software vendor and grounded five European airports overnight

A piece of ransomware described as 'incredibly basic' hit a single software platform and grounded five European airports overnight. The problem wasn't the malware - it was the architecture.

25 September 2025

security6 min read

When a GitHub Action rewrites its own history

17 March 2025

Weekly digests

supply-chain

TeamPCP compromised the AI proxy that holds everyone's API keys

Git tags, package registries and extension marketplaces share the same broken authentication model

Hermes Agent's worktree feature copied arbitrary files from your filesystem

Prompt injection turned MCP-connected code assistants into attack proxies

MCP gave AI tools a standard interface. Researchers found it was also an attack surface.

UNC5221 stole F5 source code and its customer list

Basic ransomware hit one airport software vendor and grounded five European airports overnight

When a GitHub Action rewrites its own history

Weekly threat intelligence digest — 2026-W12

Weekly threat intelligence digest — 2026-W11

Weekly threat intelligence digest — 2026-W10

Weekly threat intelligence digest — 2026-W09

Weekly threat intelligence digest — 2025-W34

Weekly threat intelligence digest — 2025-W18

Weekly threat intelligence digest — 2025-W17

Weekly threat intelligence digest — 2025-W16

Weekly threat intelligence digest — 2025-W11

Weekly threat intelligence digest — 2025-W04

Weekly threat intelligence digest — 2025-W03