Latest incident:GitHub Advisory malware sweep — ~155 npm packages (logger/tailwind/eslint/bignumber typosquats, polymarket-onchain-* crypto-drainers) taken down 2026-07-06 (6 Jul 2026)
Submit an incident

Seen a supply-chain compromise we've missed?

Send us the details. Our intelligence team triages each report against the original vendor source. If it checks out, we add it to the feed within < 2 hours.

A short, factual summary. Example: “axios npm compromise (March 2026)”.

The original vendor advisory or post that reported the compromise. We'll add https:// if you leave it off — e.g. www.wiz.io/blog/some-post works.

One per line, in the form name@version. Multiple versions of the same package on separate lines.

Payload behaviour, IOCs, attribution, anything that helps us triage.

Optional. For credit / follow-up.

Optional. We only use it to reply.

We'll only contact you if we have follow-up questions about this submission.