Supply Chain Security
Chinese Circuit Boards in U.S. AI Accelerators Trigger National Security Review
Federal investigators discover 60% of AI hardware relies on Chinese-manufactured PCBs, exposing a supply chain vulnerability below chip-level controls as infrastructure costs surge 40%.
Longest-Running Supply Chain Poisoning Campaign Hits GitHub, 3,800 Repos Stolen
TeamPCP's self-replicating worm compromised seven waves of open-source infrastructure in nine weeks, evading every CVE scanner and provenance system in production.
China threatens EU retaliation as Brussels expands trade restrictions
Beijing's control over critical minerals and manufacturing supply chains gives it asymmetric leverage as Europe accelerates regulatory assertiveness on EVs, semiconductors, and cybersecurity.
Nx Console VS Code Extension Compromised in Supply Chain Attack Targeting Developer Credentials
Malicious v18.95.0 harvested cloud secrets and SSH keys from enterprise development environments during 11-minute window on Microsoft Marketplace.
TanStack Supply Chain Attack Exploited GitHub Actions to Publish 84 Malicious npm Packages in Six Minutes
Coordinated breach weaponised OIDC tokens and CI/CD automation to compromise 42 packages with credential-harvesting payloads, exposing structural flaws in trusted publishing.
TeamPCP Compromises 170+ npm Packages in Coordinated AI Infrastructure Attack
Supply chain assault targets Mistral AI, TanStack, UiPath, and OpenSearch in first npm worm producing valid security provenance
AI-Powered No-Code Platforms Are Mass-Producing Data Breaches
Thousands of applications built with Lovable, Replit, and similar services ship with exposed databases, hardcoded credentials, and missing authentication—creating a systemic enterprise security crisis.
What Is a Zero-Day Exploit and Why Does It Matter?
Unpatched security flaws unknown to vendors are the highest-value weapons in cyber operations—and AI is changing how fast they're discovered and deployed.
US Officials Eye Three-Day Patch Mandate as AI Weaponizes Zero-Days Faster Than Vendors Can Respond
CISA and National Cyber Director weigh compressing federal patching timelines from 21 days to 72 hours after Chinese and Russian AI-powered campaigns sustain 18-month persistence windows.
cPanel Zero-Day Gave Attackers Root Access to 70 Million Domains for 30+ Days
CVE-2026-41940 authentication bypass enabled unauthenticated root access to shared hosting infrastructure while cPanel held disclosure for two weeks.
U.S. Mint sold cartel-sourced Colombian gold as American for two decades
New York Times investigation reveals Treasury never enforced domestic sourcing law, allowing drug trafficking proceeds to enter sovereign coin supply chain through refinery loopholes.
WordPress Plugin Supply Chain Attack Exposes Hundreds of Thousands of Sites
Attacker purchased 31 plugins through marketplace, planted backdoors, then waited eight months before activation—revealing critical gaps in open-source vendor vetting.