Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
Circuit Digest

Hand Gesture Control Robot Using OpenCV

Gesture control robotics replaces traditional buttons and joysticks with natural hand movements. This approach improves user ...

Meta's new structured prompting technique makes LLMs significantly better at code review — boosting accuracy to 93% in some cases

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

CardSight AI Deploys Full Slab Grade Identification Across Five Grading Companies, Launches Market Pricing Data in Beta

Platform now identifies grading company and grade for PSA, Beckett, SGC, CGC, and TAG slabs; new pricing endpoints ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Live Science

New AI image generator runs using 10 times fewer steps than today's best models — and it's coming to smartphones and laptops

Researchers have developed an AI image generator that produces images in just four steps, rather than dozens. This could bring fast, private image generation directly to consumer devices. When you ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Security Boulevard

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...