Expert perspectives on application security, compliance, and emerging threats
IncidentIncident Overview Versions 2.6.2 and 2.6.3 of the lightning package on PyPI were compromised with malicious code. An attacker exploited a stored API token to publish these versions without authorizati
IncidentThe Challenge of AI-Driven Vulnerability Discovery On April 7, Anthropic released Claude Mythos Preview, an AI system designed to identify security vulnerabilities at scale. This tool promised to scan
IncidentOverview of the Vulnerability Unit 42 researchers have identified a vulnerability in Google Cloud Vertex AI s permission model. This flaw allows attackers with compromised credentials to escalate priv
IncidentWhat Happened On March 31, 2026, malicious versions of the axios npm package (1.14.1 and 0.30.4) were published to the npm registry using a compromised maintainer account (@jasonsaayman). The attacker
Get weekly security insights and compliance updates delivered to your inbox.
IncidentWhat Happened Recently, attackers published two malicious versions of Axios—the npm HTTP client used by millions of JavaScript applications. Versions 1.14.1 and 0.30.4 introduced a dependency called p
IncidentWhat Happened Cisco s development environment was compromised when attackers used credentials stolen from a supply chain attack on Trivy, an open-source vulnerability scanner. The threat group TeamPCP
IncidentWhat Happened In early 2025, security researchers at OX Security disclosed a critical vulnerability in Anthropic s Model Context Protocol (MCP) that allows remote code execution. This flaw affects ove
IncidentWhat Happened On December 20, 2024, Vercel discovered unauthorized access to their internal systems through a compromised OAuth token belonging to Context.ai, a third-party AI coding assistant integra
IncidentWhat Happened A critical remote code execution vulnerability (CVE-2026-1731) in Bomgar s remote monitoring and management (RMM) platform has exposed organizations to significant risk. This flaw allowe
IncidentWhat Happened On March 24, the European Commission s Security Operations Center detected unauthorized access to their AWS cloud infrastructure. The attacker, ShinyHunters, had compromised a version of
IncidentWhat Happened Threat cluster UAT-10608 exploited CVE-2025-55182 , a critical vulnerability in Next.js applications, compromising at least 766 hosts. The attackers used an automated credential harvesti
IncidentWhat Happened Between November 2024 and early 2025, threat actors linked to North Korean operations (tracked as UNC1069 and TeamPCP) compromised the Axios npm package —a JavaScript HTTP client library
IncidentWhat Happened CERT-EU confirmed that 350 GB of data was stolen from Europa.eu, the European Commission s web platform. The stolen data included personal names, email addresses, and internal messages f
IncidentWhat Happened For a brief period, attackers published backdoored versions of Axios to npm . Axios is an HTTP client library downloaded millions of times weekly. The malicious packages contained code t
IncidentOn March 31, 2026, attackers published malicious versions of axios—one of the most widely used HTTP client libraries in the JavaScript ecosystem. The compromised packages contained hidden dependencies
IncidentWhat Happened Attackers compromised the npm account of Axios lead maintainer and published malicious versions of the library containing a remote access trojan. Axios, a widely-used HTTP client library
