Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply ...

Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security ...

Trivy is an open source vulnerability scanner maintained by Aqua Security. On March 16, TeamPCP injected credential-stealing ...

CheckMarx confirms March 2026 attack did result in data theft.