Cybersecurity

Are Microsoft Signed Packages Safe? 73 Were Not

What Actually Happened: 73 Signed Packages, One Nasty Surprise Late last week, 73 open source packages published under…

Jun 26, 2026  ·  9 min read

Cybersecurity

Nested Package Managers Are a Supply Chain Risk Nobody Tracks

The Trick That Started It All: A Loop Nobody Asked For Engineer Mike Fiedler set out to close…

Jun 13, 2026  ·  8 min read

Cybersecurity

Software Supply Chain Attacks Are Now an Industrial Threat

From Rare Nightmare to Near-Weekly Reality: What Changed For years, a software supply chain attack occupied a specific…

May 24, 2026  ·  8 min read

Cybersecurity

Megalodon Compromised 5,561 GitHub Repos in Six Hours

What Actually Happened: Scale, Speed, and Surgical Precision On May 18, 2026, an automated campaign named Megalodon compromised…

May 24, 2026  ·  9 min read

Cybersecurity

Supply Chain Attacks Are Now Industrialized—Here’s the Threat

From Rare Nightmare to Routine Business: How Supply Chain Attacks Went Industrial For most of its history, the…

May 24, 2026  ·  8 min read

Cybersecurity

AI Agent Marketplaces Have a 13% Critical Vulnerability Rate

The dirty secret of AI agent marketplaces: a 13% critical vulnerability rate More than one in eight skills…

May 20, 2026  ·  8 min read

Cybersecurity

Long Beach Port Blocks a Cyberattack Every 3 Seconds

The Threat Is Not Theoretical — It’s Happening Every Three Seconds At a May 15 media briefing, Port…

May 18, 2026  ·  8 min read

Cybersecurity

Element-Data Breach Exposes Open Source AI Supply Chain Risk

What Actually Happened: Beyond the Headlines The attackers never touched element-data’s servers directly. Instead, they exploited a vulnerability…

May 18, 2026  ·  9 min read