#Supply Chain Attack

3 posts
Red Hat npm compromise proves provenance alone is not enough

Red Hat has confirmed that multiple packages published under the @redhat-cloud-services npm namespa...

June 14, 2026
6 min read
Cisco Breach Shows the Real Cost of the Trivy Supply-Chain Attack

The most important lesson from the Trivy incident is that a supply-chain attack on a trusted s...

April 1, 2026
5 min read
Axios npm compromise pushed a cross-platform RAT through a fake dependency

A compromise of the widely used axios package on npm shows why defenders cannot rely...

April 1, 2026
5 min read