Between April 21 and 23, 2026, three coordinated supply chain campaigns targeted npm, PyPI, and Docker Hub, aiming to steal developer and CI/CD credentials. The incidents included a trojanized ...

April 7 : A species of small fish has been observed by the thousands climbing a vertical waterfall 15 metres (50 feet) tall in the Democratic Republic of Congo in a behaviour that illustrates the ...

The government will first ensure there is sufficient supply of necessities before it introduces any economic stimulus package to deal with the impact from the ongoing crisis in the Middle East, says ...

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...

Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...

Security companies flagged axios@1.14.1 and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...

TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the TeamPCP threat ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

Amazon is planning to cut its package delivery volumes with the U.S. Postal Service by at least two-thirds by September, as the e-commerce giant pulls back on one of its largest partnerships.