The software supply chain is under relentless attack from campaigns like TeamPCP and the Axios hack. Learn actionable, step-by-step strategies to secure your CI/CD pipelines and developer endpoints.
Leaked service account keys are a top cloud security risk. This definitive developer's guide explains how to go keyless with GCP's Workload Identity Federation.
A massive supply chain attack has hit the popular npm package Axios. Versions 1.14.1 and 0.30.4 deploy a stealthy Remote Access Trojan (RAT) via a fake dependency. Learn how to detect and remediate this critical threat.
Anthropic accidentally leaked 512,000 lines of Claude Code source on npm. Learn how attackers are weaponizing the source map for context poisoning and sandbox bypasses.
TeamPCP strikes again. The popular Python package litellm (versions 1.82.7 and 1.82.8) was compromised on PyPI, deploying a credential harvester and Kubernetes backdoor.
Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.
Google has officially closed its acquisition of Wiz. Learn what this merger means for multi-cloud security, AI-driven threat detection, and platform support.