Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...