Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
startupfortune

Aether AI raises $20 million to bet the next AI ceiling is causality, not compute

Aether AI, founded by UCSD professor Biwei Huang, closed a $20 million seed round on June 18, 2026 to build causal world models that understand cause-and-effect relationships rather than statistical ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Supply Chain Management Review

UPS RFID rollout signals next phase of supply chain visibility

UPS announced at the recent Modex conference in Atlanta the expansion of RFID-based package sensing across its entire network. While UPS claims it is the first rollout of RFID sensing across an entire ...
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
Women's Wear Daily

UPS Bets on RFID to Deliver ‘Most Significant’ Visibility Upgrade

UPS is going all in on RFID. The logistics giant has invested more than $100 million in projects to roll out the technology across its network, the company revealed on Tuesday. “With RFID embedded ...
CNN

North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt

Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...
CoinTelegraph

Supply chain attack hits Axios npm releases, users urged to rotate keys

Security companies flagged axios@1.14.1 and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...
Infosecurity-magazine.com

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...
Infosecurity-magazine.com

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the TeamPCP threat ...
Supply Chain

Amazon to Slash USPS Package Delivery Volumes

Amazon is planning to cut its package delivery volumes with the U.S. Postal Service by at least two-thirds by September, as the e-commerce giant pulls back on one of its largest partnerships.