SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

OpenAI is putting ChatGPT, its browser and code generator into one desktop app

OpenAI is developing a “super app” for desktop that unifies ChatGPT, its browser and its Codex app, according to the Wall ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before ...