In its April 23 update, Vercel disclosed customer accounts compromised prior to and independently of the Context.ai incident. Covering the Lumma Stealer infection path, the ShinyHunters $2M BreachForums listing, and what non-sensitive environment variables actually mean.
Vercel's official incident disclosure published on April 19, 2026. A walk-through of how a compromise of Context.ai's Google Workspace OAuth app led to Vercel employee account takeover and access to environment variables in some customer projects, plus the checks users should run right now.
The latest GlassWorm wave bundles Zig-compiled native binaries in an Open VSX extension and silently installs a second-stage payload across VS Code, Cursor, Windsurf, VSCodium, and Positron.
A CVSS 9.3 unauthenticated RCE in the Marimo Python notebook was exploited within hours of advisory disclosure. Meanwhile, Astral published its comprehensive supply chain security posture for uv and ruff, covering CI/CD pipeline hardening, Trusted Publishing, and Sigstore attestation.
A security scan of 50 open-source MCP servers found 61% lacked input validation. This article covers real vulnerabilities in high-profile servers like Playwright MCP and Puppeteer MCP, and examines when to skip MCP entirely and use CLI tools directly.
36 malicious npm packages disguised as Strapi CMS plugins were published by 4 sock-puppet accounts. 8 payload variants deployed Redis crontab injection, PostgreSQL direct access, reverse shells, and persistent implants. The target appears to be crypto exchange Guardarian.
Follow-up to the axios compromise. Public reporting from GitHub, Socket, Google, and Microsoft shows UNC1069/Sapphire Sleet used the same social-engineering playbook against maintainers tied to Mocha, Fastify, Lodash, dotenv, and Node.js core.
The axios postmortem from maintainer Jason Saayman lays out the full social-engineering chain: a fake company Slack workspace, a fake Teams meeting, and a RAT that took over the machine. 2FA and OIDC were both bypassed.
A summary of how source maps bundled in the Claude Code npm package made over 510k lines of TypeScript visible, and how a branch-name command injection in OpenAI Codex could have allowed theft of GitHub tokens.
Cloudflare added a two-stage GNN+LLM cascade to its client-side malicious script detection, reducing false positives per unique script from 1.39% to 0.007% and opening the formerly paid Advanced features to self-serve customers.
A fake dependency plain-crypto-js was injected into axios 1.14.1 and 0.30.4 to install a RAT dropper via a postinstall hook. Complete attack chain from maintainer account compromise to C2 communication and self-deletion.