The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Infosecurity Magazine

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.

The invisible shield: How AI is quietly protecting the software that runs your life

Last week, something alarming happened in the world of software — and almost nobody outside the tech industry noticed. A ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Cloudflare Expands Its Agent Cloud to Power the Next Generation of Agents

As the way software is built fundamentally changes, Cloudflare introduces the infrastructure to power millions of autonomous, ...

NetKnights releases privacyIDEA 3.13 with enhanced passkey functionality and new web interface

The IT security company NetKnights has released version 3.13 of its multi-factor authentication software, privacyIDEA ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
Infosecurity Magazine

TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets

TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ ...
Crypto Briefing

Anthropic’s Claude Code leak reveals autonomous agent tools and unreleased models

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...