On March 24 and 27, 2026, malicious PyPI releases of LiteLLM and Telnyx were published as part of the TeamPCP supply chain campaign. We trace the full campaign from Trivy through npm, Checkmarx, and into PyPI. – Read more
Latest article
Four security principles for agentic AI systems
Agentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions. Generative AI responds to human prompts with...
The democratisation of business email compromise fraud
Welcome to this week’s edition of the Threat Source newsletter.Last weekend, I witnessed a crime. Not a notable crime that you might read about...
How Elite SOCs Cut Escalation Rates by Arming Tier 1 With Better Threat Intelligence
In a mature Security Operations Center, escalation is supposed to work like a scalpel, precise, intentional, and reserved for alerts that genuinely demand deeper...
Identity and AI: Questions of data security, trust and control
The Computer Weekly Security Think Tank considers the intersection of AI and IAM. In this article, learn how AI-driven IAM projects must account for...
