HIGH

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

Infosecurity Magazine • May 21, 2026

CRITICAL

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

The Hacker News • May 20, 2026

MEDIUM

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

The Register Security • May 11, 2026

HIGH

Open source package with 1 million monthly downloads stole user credentials

Ars Technica Security • Apr 27, 2026

HIGH

The LiteLLM attack was a warning shot for Agentic AI supply chains

SC Media • Apr 22, 2026

MEDIUM

STARDUST CHOLLIMA Likely Compromises Axios npm Package

CrowdStrike •

HIGH

STARDUST CHOLLIMA Likely Compromises Axios npm Package

CrowdStrike •

CRITICAL

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

The Hacker News • Apr 12, 2026

HIGH

CPU-Z and HWMonitor are Malware!?

The PC Security Channel • Apr 11, 2026

HIGH

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

BleepingComputer • Apr 09, 2026

HIGH

The Team PCP Snowball Effect: A Quantitative Analysis

Reddit r/netsec • Mar 30, 2026

HIGH

Trivy supply chain compromise: What Docker Hub users should know

Docker Blog • Mar 23, 2026

HIGH

From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

CrowdStrike •

CRITICAL

Risky Business #826 -- A week of AI mishaps and skulduggery

Risky Business • Feb 25, 2026