SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
Morning Overview on MSN

Leaked iPhone exploit kit on GitHub targets older iOS versions

An exploit kit known as Coruna has appeared on GitHub, bundling working attack code for several Apple iOS vulnerabilities ...
Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...