A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting ...

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

TeamPCP hackers say AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ security hadn’t been so weak in the first place.

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time to address critical bugs.

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

Supply chain attacks feel like they're becoming more and more common.

A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to avoid detection.

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

Hey everyone, welcome back to Waw Creator! In this video, I will show you how to make a diorama set in the Amazon rainforest. a survival battle between giant anaconda and crocodile. As usual, I will ...