Understand why SBOM, CBOM, and AIBOM are essential visibility layers for modern security and compliance programs.
Jun 09, 2026 • 15:00 UTC
A supply chain attack compromised 160+ NPM packages in the TanStack ecosystem through dependency confusion.
May 13, 2026 • 11:00 UTC
Attackers backdoored element-data 0.23.3 via a GitHub Actions flaw, exposing cloud keys and API tokens.
May 01, 2026 • 10:00 UTC
Analysis of the element-data supply chain poisoning attack targeting npm packages.
Apr 28, 2026 • 13:00 UTC
A self-replicating supply chain worm that propagates through developer dependencies.
Apr 24, 2026 • 05:00 UTC
A zero-authentication terminal WebSocket vulnerability in Marimo was weaponized within 10 hours of disclosure.
Apr 10, 2026 • 03:00 UTC
A precision attack against the npm ecosystem hijacked the Axios maintainer account and published poisoned versions reaching 100M+ weekly downloads.
Apr 01, 2026 • 00:21 UTC
Why organizations need to adopt true shift-left security practices in their development lifecycle.
Nov 13, 2025 • 08:30 UTC
Analysis of a typosquatting attack targeting the Rust crate ecosystem through a malicious fast_log package.
Sep 25, 2025 • 11:00 UTC
A coordinated supply chain attack compromised @ctrl/tinycolor and over 180 NPM packages.
Sep 16, 2025 • 10:30 UTC
Analysis of the eslint-config-prettier supply chain attack that compromised npm packages.
Jul 23, 2025 • 04:00 UTC