On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...

Support our Mission. We independently test each product we recommend. When you buy through our links, we may earn a commission. Any smart business knows what business it’s in. Shot Scope, along with ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...

NEW YORK, March 9 (Reuters) - Anthropic on Monday filed a lawsuit to block the Pentagon from placing it on a national security blacklist, escalating the artificial intelligence lab’s high-stakes ...

The March/April 2026 issue of Supply Chain Management Review examines how supply chain leaders are managing supplier risk, circular supply chain design, AI-driven retail planning, CPG network ...

There is an inherent weakness in international supply chains that pass through two bottlenecks in a region prone to civil war and pirate attacks – the Suez Canal for 30% of global ocean container ...