INFO

Socket raises $60 million for its open-source security platform

SC Media • May 21, 2026

HIGH

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

Infosecurity Magazine • May 20, 2026

HIGH

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

Help Net Security • May 20, 2026

HIGH

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

The Hacker News • May 20, 2026

HIGH

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

The Hacker News • May 15, 2026

HIGH

OpenAI Hit by TanStack Supply Chain Attack

SecurityWeek • May 15, 2026

HIGH

Axios breach shows why software supply chains need zero trust

SC Media • May 14, 2026

HIGH

New Quasar Linux implant targets developers with rootkit and backdoor capabilities

SC Media • May 08, 2026

LOW

Set up automated dependency scanning after the recent npm/PyPI supply chain attacks

Reddit r/netsec • Apr 29, 2026

INFO

Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Craig Sanderson, Sachin Jade, Travis Wong, Phil Calvin, Karen Heart - ESW #456

SC Media • Apr 27, 2026

INFO

SBOM erklärt: Was ist eine Software Bill of Materials?

CSO Online • Apr 22, 2026

MEDIUM

STARDUST CHOLLIMA Likely Compromises Axios npm Package

CrowdStrike •

HIGH

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

The Hacker News • Apr 20, 2026

INFO

Supply chain dependencies: Have you checked your blind spot?

ESET WeLiveSecurity • Apr 16, 2026

INFO

Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.

Recorded Future • Apr 09, 2026