Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
Aether AI, founded by UCSD professor Biwei Huang, closed a $20 million seed round on June 18, 2026 to build causal world models that understand cause-and-effect relationships rather than statistical ...
TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live ...
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Socket, a company specializing in open-source software security, has announced that the Bitwarden password manager was subjected to a supply chain attack. Bitwarden CLI Compromised in Ongoing ...
A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node package manager (npm), as part of a widening supply chain attack targeting ...
UPS announced at the recent Modex conference in Atlanta the expansion of RFID-based package sensing across its entire network. While UPS claims it is the first rollout of RFID sensing across an entire ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
The government will first ensure there is sufficient supply of necessities before it introduces any economic stimulus package to deal with the impact from the ongoing crisis in the Middle East, says ...
Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...
Security companies flagged [email protected] and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...
TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...