SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Infosecurity Magazine

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.
The Next Web

IBM Cloud, Nutanix, SUSE, and OVHcloud have all independently chosen Traefik as their Ingress NGINX replacement

The Kubernetes community retired Ingress NGINX this month after years of under-resourcing. The migration scramble it ...

Traefik Becomes the De Facto Standard for Kubernetes Networking as Major Platform Vendors Migrate from Ingress NGINX

IBM Cloud, Nutanix, OVHcloud, SUSE, TIBCO, and others standardize on Traefik Proxy, the only open source drop-in replacement for ingress NGINX with over 90% annotation coverage, as the ...
Krebs on Security

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm ...
CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
MUO on MSN

I wanted a lightweight self-hosted Google Drive alternative — this single-binary web app is almost perfect

This tiny app replaces Google Drive entirely.

OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert

Six security teams shipped six OpenClaw defense tools in 14 days. Three attack surfaces survived: runtime semantic ...