After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
LiteLLM Attack: How a Hacked Security Tool Became a Master Key to Thousands of AI Developer Machines
On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.
Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...
What's CODE SWITCH? It's the fearless conversations about race that you've been waiting for. Hosted by journalists of color, our podcast tackles the subject of race with empathy and humor. We explore ...
Every time Lee Chong Ming publishes a story, you’ll get an alert straight to your inbox! Enter your email By clicking “Sign up”, you agree to receive emails ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results