The npm Worm Era: What Shai-Hulud Started, Who's Continuing It, and How Defenders Should Adapt

September 2025's self-replicating Shai-Hulud npm worm rewrote the supply-chain threat model. Six months later the playbook has been adopted by other actors (TeamPCP, April 2026). Here's the concrete tradecraft, the IOCs that actually fire, and the controls defenders need.

CISA: New Langflow flaw actively exploited to hijack AI workflows

Langflow’s public‑flow endpoint now a hotbed for RCE – patch or disable it immediately to stop attackers from hijacking your AI workflows.
