SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

TeamPCP deploys Iran-targeted wiper in Kubernetes attacks

The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects ...
Mena FN

European Cloud Provider Puzl.Cloud Open-Sources 'Kubesdk', A Fully Typed, Async-First Python Client For Kubernetes.

(MENAFN- EIN Presswire) EINPresswire/ -- Puzl Cloud, a European cloud infrastructure provider known for its Spike Instances, is open-sourcing its core Kubernetes development tool, kubesdk, a fully ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, mor…

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

What is DeerFlow 2.0 and what should enterprises know about this new, powerful local AI agent orchestrator?

The primary condition for use is the technical readiness of an organization’s hardware and sandbox environment.
Hackaday

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...
Analytics Insight

ML Platform Engineer, Adobe

Adobe is hiring an ML Platform Engineer for its Bengaluru office. The Advertising Cloud Search, Social, Commerce team which ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...