The Next Web

Hackers breached the European Commission by poisoning the security tool it used to protect itself

CERT-EU has attributed a major data breach at the European Commission to cybercrime group TeamPCP, which exploited a supply chain attack on the open-source security tool Trivy to steal 92 GB of ...
InfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A major security incident affecting the widely used open source vulnerability scanner Trivy has exposed critical weaknesses in software supply chain security, after maintainers confirmed that a ...
Network World

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source ...
cybernews

European Commission breach linked to Trivy attack, 29 EU entities at risk

Hackers who breached the European Commission appear to have gotten in through the Trivy supply-chain attack – not a direct hit on AWS. The stolen data did not stop at one cloud account, with CERT-EU ...
SDxCentral

Cisco source code breach leaks AI projects and AWS credentials

Cisco source code including AI codebases were exposed in a more modern type of cybersecurity breach against the network vendor. According to Bleeding Computer, Cisco’s development environment was ...
Forbes

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. AI and data interface, representing system warning alert, cybersecurity threat, data error, ...
HHS

LiteLLM Hit in Cascading Supply-Chain Attack

A threat actor pushed two malware-laced versions of LiteLLM to a central repository where Python developers fetch open-source packages. The packages were downloaded 47,000 times in 46 minutes before ...
Forbes

These Hackers Launched A ‘Nightmare’ Attack On AI Developers

TeamPCP hackers tell Forbes that AI helped them launch a devastating spree of attacks. But they wouldn’t have succeeded if developers’ security hadn’t been so weak in the first place. TeamPCP hackers ...
CSOonline

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

Socket and Wiz confirm widespread credential theft and worm‑like propagation, with cached malicious Trivy artifacts still circulating across mirror infrastructure despite takedowns. What started as a ...
InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...
TechRadar

Top LLM PyPl package compromised to steal user details - here's what we know

Aqua Security’s Trivy vulnerability scanner compromise is trickling down When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Popular Python package ...