#supply-chain
8 articles exploring supply-chain. Expert insights and analysis from our editorial team.
Articles
InstructLab CVE-2026-6859: Hardcoded trust_remote_code=True Turns Any [HuggingFace Model Into RCE](/articles/picklescan-1-0-4-patches-a-cvss-10-0-pkgutil-resolve-name-bypass-and-six/)
InstructLab CVE-2026-6859 hardcodes trust_remote_code=True in transformers, enabling RCE from any HuggingFace repo. Existing supply-chain scanners cannot detect this vector.
Mercor Breach: 4TB of AI Trainer Voice Samples Stolen from 40,000 Contractors
The Mercor breach shows how AI vendors classify [contractor voice recordings](/articles/mercors-4tb-lapsus-breach-hands-voice-clone-attackers-40-000-pre-verified/) as work product rather than biometric data, leaving 40,000 people with no way to revoke stolen.
Mercor's 4TB Lapsus$ Breach Hands Voice-Clone Attackers 40,000 Pre-Verified Targets
Mercor's LiteLLM breach exposed interviews with IDs and 2-5 minute voice samples, collapsing the cost of voice-clone phishing by pairing clean audio with verified identities.
Bitwarden CLI Compromise Extends the Checkmarx [Supply-Chain Campaign](/articles/vercels-april-2026-database-leak-pivoted-from-lumma-stealer-at-context-ai-via/) to Credential Tooling
A trojanized @bitwarden/cli release spent 93 minutes on npm April 22. The Checkmarx-themed payload harvested credentials via preinstall hook, exposing vault session tokens.
March-April MCP CVEs Expose the Local-Host Trust Model (see also [local-host trust model](/articles/hugging-face-lerobot-cve-2026-25874-unauthenticated-pickle-loads-rce-in-grpc/)) in AI Agent Frameworks
Three CVEs scoring up to 9.8 reveal a structural flaw: MCP's local-host trust model lacks authentication primitives for networked multi-tenant deployments.
Marimo's CVE-2026-39987: 9h41m From Disclosure to Exploitation, NKAbuse Staged on Hugging Face
Marimo CVE-2026-39987 was exploited 9h41m after disclosure, with 662 events and a NKAbuse backdoor staged on Hugging Face. Same-day patching is the new minimum for AI tooling.
TeamPCP Backdoored LiteLLM via a Poisoned CI Scanner: What It Means for Every AI Python Stack
TeamPCP stole LiteLLM's PyPI token through a compromised Trivy GitHub Action, shipping credential-stealing releases to 36% of monitored cloud environments.
The 2026 OSSRA Report: AI Coding Tools Are Behind a 107% Surge in Open-Source Vulnerabilities
Black Duck's 2026 OSSRA found 581 mean vulnerabilities per codebase — double last year. Here's what's driving it and how to audit your own repo.