TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...

Support our Mission. We independently test each product we recommend. When you buy through our links, we may earn a commission. Any smart business knows what business it’s in. Shot Scope, along with ...

Unlike other blockchains, Hedera is using a unique Directed Acyclic Graph (DAG) mechanism with “gossip about gossip” and virtual voting. This unique mechanism helps it to achieve over 10,000 TPS and 3 ...

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...

NEW YORK, March 9 (Reuters) - Anthropic on Monday filed a lawsuit to block the Pentagon from placing it on a national security blacklist, escalating the artificial intelligence lab’s high-stakes ...

The March/April 2026 issue of Supply Chain Management Review examines how supply chain leaders are managing supplier risk, circular supply chain design, AI-driven retail planning, CPG network ...