A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.
The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.
After validating stolen credentials using TruffleHog, the hacking group began enumerating AWS services and moving laterally.
The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek.
The startup has built an edge security management (ESM) platform, an AI engine atop the entire edge security stack.
The post Huskeys Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared first on SecurityWeek.
Raven’s platform observes applications at runtime to detect anomalous behavior and prevent cyberattacks.
The post Raven Emerges From Stealth With $20 Million in Funding appeared first on SecurityWeek.
New research shows attackers increasingly abusing APIs at machine speed as AI-driven systems widen exposure and amplify impact.
The post API Threats Grow in Scale as AI Expands the Blast Radius appeared first on SecurityWeek.
The company will use the investment to expand its R&D team and operations, deepen platform capabilities, and scale go-to-market presence.
The post Backslash Raises $19 Million to Secure Vibe Coding appeared first on SecurityWeek.
VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request.
The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.
Rein aims to close the production visibility gap by stopping attacks inside the application runtime.
The post Rein Security Emerges From Stealth With $8M, Bringing Inside-Out Protection to AppSec appeared first on SecurityWeek.
API cybersecurity will be a ping pong ball, battered between the rackets of AI-assisted attackers and AI-assisted defenders.
The post Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore appeared first on SecurityWeek.