Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap ...

Joe Supan is a senior writer for CNET covering home technology, broadband, and moving. Prior to joining CNET, Joe led MyMove's moving coverage and reported on broadband policy, the digital divide, and ...

TeamPCP hackers tell Forbes that AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ security hadn’t been so weak in the first place. TeamPCP hackers ...

Contractors said in at least five lawsuits that AI training startup Mercor exposed their data to hackers. Mercor said last week it was "impacted" by compromised LiteLLM software. One of the suits ...

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, ...

Meta has paused its work with Mercor and is investigating after a data breach, a person familiar said. Mercor confirmed to Business Insider that it was recently affected by a security incident. Mercor ...

Meta has paused all its work with the data contracting firm Mercor while it investigates a major security breach that impacted the startup, two sources confirmed to WIRED. The pause is indefinite, the ...

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. AI recruiting firm Mercor has disclosed impact from the recent LiteLLM supply chain attack, ...

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to ...

Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open source project LiteLLM. The AI startup told TechCrunch on Tuesday that it ...