The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

After a researcher flagged the issue on March 31, the code spread rapidly across public repositories, raising new questions ...

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

Anthropic is trying to remove details about its coding agent from GitHub, but programmers are converting the code into ...

Anthropic’s leak of proprietary Claude Code sparked the developer community to group around “claw-code,” the fastest-growing ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Anthropic accidentally exposed over half a million lines of its Claude Code, triggering a rapid global effort to copy and ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...