Tag

#Supply Chain Attack

67 articles

HIGH
Supply Chain

Axios NPM Compromise: Supply Chain Threat Analysis

Analysis of the Axios NPM package compromise, a potential supply chain attack impacting JavaScript HTTP client library users, possibly by North Korean threat actors.

Runtime Rebel Intel
5 min read·Apr 1, 2026
HIGH
Supply Chain

Cisco Source Code Stolen: Trivy Supply Chain Attack Leads to Breach

Threat actors breached Cisco's dev environment using credentials from a Trivy supply chain attack, stealing proprietary and customer source code. Learn the impact and

Runtime Rebel Intel
4 min read·Mar 31, 2026
CRITICAL
Vulnerabilities

CVE-2026-3502: TrueConf Zero-Day Exploited in Asia Gov Attacks

TrueConf video conferencing zero-day [CVE-2026-3502] exploited to distribute tampered updates to Southeast Asian government networks in 'TrueChaos' campaign.

Runtime Rebel Intel
5 min read·Mar 31, 2026
HIGH
Supply Chain

Axios npm Package Hijacked: Cross-Platform Malware Distribution

Analysis of the Axios npm package hijack distributing remote access trojans to Linux, Windows, and macOS systems. Learn to protect your software supply chain.

Runtime Rebel Intel
5 min read·Mar 31, 2026
HIGH
Supply Chain

TeamPCP Supply Chain Campaign: Weaponized Scanners and PyPI Compromise

Analysis of the TeamPCP campaign transition to monetization following the Telnyx PyPI compromise and Vect ransomware partnership affecting security tools.

Runtime Rebel Intel
4 min read·Mar 28, 2026
HIGH
Supply Chain

TeamPCP Supply Chain: Checkmarx Wider Scope & LiteLLM PyPI Compromise

An update on the TeamPCP supply chain campaign details wider Checkmarx impact, LiteLLM PyPI compromise, and a CISA KEV entry.

Runtime Rebel Intel
5 min read·Mar 26, 2026
CRITICAL
Vulnerabilities

CVE-2026-33634: Aqua Trivy Embedded Malicious Code — Patch Now

CISA adds CVE-2026-33634, an Aqua Security Trivy Embedded Malicious Code Vulnerability, to KEV catalog due to active exploitation.

Runtime Rebel Intel
4 min read·Mar 26, 2026
HIGH
Supply Chain

TeamPCP Supply Chain Attacks Target Docker Hub, PyPI, and VS Code

TeamPCP expands supply chain attack tactics from GitHub Actions to Docker Hub, PyPI, and VS Code extensions, collaborating with the Lapsus$ hacking group.

Runtime Rebel Intel
4 min read·Mar 25, 2026
HIGH
Supply Chain

Checkmarx KICS & VS Code Plugin Targeted in Supply Chain Attack

TeamPCP exploited Checkmarx KICS, VS Code plugins, and LiteLLM in a supply chain attack targeting code scanners and AI libraries, indicating expanding threats.

Runtime Rebel Intel
4 min read·Mar 25, 2026
CRITICAL
Supply Chain

LiteLLM PyPI Supply Chain Attack: TeamPCP Steals Credentials

TeamPCP compromised the LiteLLM PyPI package, backdooring it to steal credentials and auth tokens from hundreds of thousands of devices.

Runtime Rebel Intel
5 min read·Mar 25, 2026
HIGH
Supply Chain

Trivy Supply Chain Attack Targets CI/CD Secrets in DevOps Workflows

A supply chain attack leveraged the Trivy security tool to deploy an infostealer within CI/CD pipelines, compromising cloud credentials and sensitive secrets.

Runtime Rebel Intel
4 min read·Mar 24, 2026
CRITICAL
Supply Chain

trivy-action Supply Chain Attack: Scattered Swarm Steals GitHub Secrets

Analysis of the trivy-action supply chain compromise by Scattered Swarm. Learn how GitHub runner secrets were stolen and critical mitigation steps.

Runtime Rebel Intel
5 min read·Mar 21, 2026