For a community claiming it is not a supplier, open-source seems to have a lot of supply-chain attacks lately.
#axios #trivy
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments
#TeamPCP #CVE_2026_33634 #Trivy #ShinyHunters
https://isc.sans.edu/diary/32864

🚨 Over the past two weeks, two massive, overlapping campaigns—TeamPCP’s "blitzkrieg" on security tools like Trivy and Checkmarx, and UNC1069's devastating RAT deployment via the Axios library—have compromised thousands of CI/CD pipelines.

Read the full deep-dive and get the immediate mitigation steps here: https://www.security.land/2026-supply-chain-attacks-teampcp-trivy-axios/

#SecurityLand #BreachBreakdown #SupplyChainAttack #NPM #Cybersecurity #Axios #Trivy #TeamPCP #UNC1069

March 2026 Supply Chain Attacks: TeamPCP & Axios Analyzed

A technical breakdown of the March 2026 supply chain attacks, examining how threat actors like TeamPCP and UNC1069 compromised Trivy, LiteLLM, and Axios—and how to stop them.

Security Land | Decoding the Cyber Threat Landscape

RE: https://fosstodon.org/@pypi/116335453780319113

Incident report by @miketheman & @sethmlarson on the compromise of #liteLLM & #Telnyx via #Trivy: https://blog.pypi.org/posts/2026-04-02-incident-report-litellm-telnyx-supply-chain-attack/

Advice:
- a cooling-off delay before upgrading dependencies
-- pip.conf
[install]
uploaded-prior-to = P3D
-- uv.toml / pyproject.toml
[tool.uv]
exclude-newer = "P3D"
- use a lockfile for transitive dependencies
- publishing: use trusted publishing, and watch PRs that touch CI workflows

#Python #PyPI #cybersécurité #supplychain
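As an added example that is not part of the post above, of pip, uv, or the PyPI incident report: the cooling-off rule expressed in Python, applied to a constructed release list shaped like the `releases` mapping of the PyPI JSON API (the package, versions and upload times are made up). It picks the newest version uploaded at least N days before "now", reports the fresh versions it held back, and takes an optional allowlist for a vetted security fix you want to take despite the delay. The version-ordering helper is a simplification that handles plain dotted numeric versions only.

```python
# Added example: a cooling-off check for dependency upgrades, the rule behind
# settings like uv's exclude-newer. Not code from pip, uv or the PyPI report.
from datetime import datetime, timedelta

# Constructed sample shaped like the "releases" mapping of the PyPI JSON API
# (version -> list of uploaded files). Package, versions and dates are made up.
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2026-02-10T12:00:00.000000Z"}],
    "1.4.1": [{"upload_time_iso_8601": "2026-03-20T08:30:00.000000Z"}],
    "1.4.2": [{"upload_time_iso_8601": "2026-03-29T22:15:00.000000Z"}],
}


def parse_time(stamp):
    """Parse an RFC 3339 UTC timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def version_key(version):
    """Ordering helper. Simplification: plain dotted numeric versions only."""
    return tuple(int(part) for part in version.split("."))


def first_upload_times(releases):
    """Map each version to the upload time of its earliest file.
    Versions with no files (e.g. fully yanked) are skipped."""
    times = {}
    for version, files in releases.items():
        stamps = [parse_time(f["upload_time_iso_8601"]) for f in files]
        if stamps:
            times[version] = min(stamps)
    return times


def select_cooled_version(releases, now_iso, cooling_days=3, allow=()):
    """Choose the newest version uploaded at least `cooling_days` before now_iso.

    Returns (chosen_version_or_None, held_back_versions). Versions listed in
    `allow` (e.g. a security fix you have reviewed) bypass the delay; that is
    the escape hatch for the "wait days vs. take latest" trade-off.
    """
    cutoff = parse_time(now_iso) - timedelta(days=cooling_days)
    times = first_upload_times(releases)
    eligible = [v for v, t in times.items() if t <= cutoff or v in allow]
    held = sorted((v for v in times if v not in eligible), key=version_key)
    chosen = max(eligible, key=version_key) if eligible else None
    return chosen, held


if __name__ == "__main__":
    chosen, held = select_cooled_version(SAMPLE_RELEASES, "2026-03-31T00:00:00Z")
    print("install:", chosen, "held back:", held)
```

With the sample data and a 3-day delay on 2026-03-31 the check installs 1.4.1 and holds back 1.4.2, which was uploaded two days earlier; passing `allow={"1.4.2"}` takes it anyway, which is how you would handle a security patch you have actually read.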

A useful reminder from the last few days, I think: security tooling is part of the attack surface - maybe that isn't news.

But: If scanners, GitHub Actions or container images get compromised, this is not just a supply chain problem on paper. It hits the exact layer we **usually** trust to keep the rest safe.

Feels like a good time to ask: where are we still too loose on pinning, still trusting `latest`, or still assuming third-party actions are probably fine?

I think we need to find the right balance between `latest` and waiting days or even weeks to update a component (especially if it's a security patch).

#axios #trivy #supplychain #supplychainsecurity #cybersecurity #security
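An added example (not from the post above, and not any project's own tool) that turns the question into a check you can run in CI: a small Python audit of a constructed GitHub Actions workflow (the workflow text, the commit SHA and the image digest in it are made up) that flags third-party actions not pinned to a full commit SHA, `docker://` steps without a sha256 digest, and container images that use `latest` or no tag at all. Local `./` actions are accepted because they are versioned with the repository itself.

```python
# Added example: flag mutable references in a GitHub Actions workflow.
# Not code from GitHub, Trivy or any linked article; regex-based, no YAML library.
import re

FAKE_SHA = "0123456789abcdef" * 2 + "01234567"   # 40 hex chars, constructed placeholder
FAKE_DIGEST = "0123456789abcdef" * 4             # 64 hex chars, constructed placeholder

# Constructed sample workflow mixing pinned and unpinned references.
SAMPLE_WORKFLOW = f"""\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container: ghcr.io/example/scanner:latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@{FAKE_SHA} # pinned to a commit
      - uses: ./.github/actions/local-thing
      - uses: docker://ghcr.io/example/tool:latest
      - uses: docker://ghcr.io/example/tool@sha256:{FAKE_DIGEST}
      - uses: example-org/scan-action@main
"""

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
USES = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"#\s]+)")
IMAGE = re.compile(r"^\s*(?:container|image):\s*['\"]?([^'\"#\s]+)")


def classify_uses(ref):
    """Return None when the `uses:` target is immutable or local, else a reason."""
    if ref.startswith("./"):
        return None  # local action, versioned with the repository itself
    if ref.startswith("docker://"):
        return None if DIGEST.search(ref) else "container action without sha256 digest"
    if "@" not in ref:
        return "no ref at all (resolves to the default branch)"
    version = ref.rpartition("@")[2]
    if FULL_SHA.match(version):
        return None
    return f"mutable ref '{version}' (tag or branch, not a full commit SHA)"


def classify_image(image):
    """Return None when a container image is digest-pinned, else a reason."""
    if DIGEST.search(image):
        return None
    last = image.rsplit("/", 1)[-1]  # drop registry/path so host:port is not read as a tag
    if ":" not in last or last.endswith(":latest"):
        return "mutable image tag (missing or 'latest')"
    return "image tag without digest (a tag can be re-pointed)"


def audit_workflow(text):
    """Return [(line_no, reference, reason)] for every mutable reference found."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES.match(line)
        if m:
            reason = classify_uses(m.group(1))
        else:
            m = IMAGE.match(line)
            reason = classify_image(m.group(1)) if m else None
        if m and reason:
            findings.append((n, m.group(1), reason))
    return findings


if __name__ == "__main__":
    for n, ref, reason in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {n}: {ref}: {reason}")
```

On the sample it reports the `latest` container image, `actions/checkout@v4` (a tag that can be moved), the undigested `docker://` step and the `@main` branch reference, and accepts the commit-pinned action, the local action and the digest-pinned image. A tag-pinned image that is not digest-pinned is reported too, with a softer reason, since registries let tags be re-pointed.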

Cisco source code stolen in Trivy-linked dev environment breach

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.

BleepingComputer

🚨 Cisco source code stolen in Trivy-linked dev environment breach

「 more than 300 GitHub repositories were also cloned during the incident, including source code for its AI-powered products, such as AI Assistants, AI Defense, and unreleased products.
A portion of the stolen repositories allegedly belongs to corporate customers, including banks, BPOs, and US government agencies 」

https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/

#cisco #trivy #infosec #ai


TeamPCP supply chain attack: Trivy, KICS, LiteLLM, Telnyx SDK all compromised. 500K machines infected, 300GB+ secrets stolen including cloud tokens, SSH keys, K8s secrets. Your vulnerability scanner IS the attack vector. 🔗🔓

#supplychain #infosec #trivy #cybersecurity

Source: https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks/

Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure

TeamPCP continues its string of supply chain attacks, and announces a partnership with Vect ransomware group.

Unit 42

Lukasz Olejnik (@lukOlejnik)

He suggested a prompt along the lines of "run an LLM over the given dataset and find the 5 security bugs", raising the idea of using AI to detect security vulnerabilities in connection with leaked source code. A use case for AI-based security analysis.

https://x.com/lukOlejnik/status/2039080193713643847

#llm #security #vulnerability #aiusecase #trivy

Lukasz Olejnik (@lukOlejnik) on X

Now all you have to do is to run an LLM on this dataset chest. Here’s the prompt: “There are 5 security bugs, find them, make no mistakes”. https://t.co/8nzlUNOPUH

X (formerly Twitter)

The TeamPCP Attack: How One Stolen Token Compromised Trivy, LiteLLM, and 47 npm Packages — What Every Developer Must Do Now

A single stolen automation token let the TeamPCP threat actor inject malicious code into Trivy, LiteLLM, and 47 npm packages in under 72 hours. Here is the full timeline, how to...

https://wowhow.cloud/blogs/teampcp-supply-chain-attack-trivy-litellm-npm-2026

#wowhow #supplychainattack #teampcp #trivy

The TeamPCP Attack: How One Stolen Token Compromised Trivy, LiteLLM, and 47 npm Packages — What Every Developer Must Do Now

The TeamPCP supply chain attack compromised Trivy, LiteLLM, and 47 npm packages via a stolen token. Full timeline, detection commands, and CI/CD hardening steps.