Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 7 Apr 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
| Security Operation Center, Hacking Topics |
Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental publishing of source code for its flagship Claude Code — all in a 10-day period — underscore a worrying trend of own-goal risks posed to software supply chains.
Attackers exploited a misconfigured GitHub Action in Trivy and the failure of the development team to recover from the incident to capture the needed credentials for pushing out malicious code. A compromise of the lead maintainer's account for Axios led to backdoor-installing Trojans landing in development environments. Other breaches include the KICS static-code analyzer maintained by cybersecurity firm Checkmarx, the open source LiteLLM Python library. And now, human error this week led to the publishing of more than a half million lines of the source code for Anthropic's Claude Code npm package. Read more here
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos. More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromis… More...
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns … More...
The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly… More...
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos. More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromis… More...
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns … More...
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. More...
