"We recently identified that we were one of thousands of companies impacted by a supply chain attack involving LiteLLM. Our security team moved promptly to contain and remediate the incident."
"Lapsus$ claimed to have stolen 4 TB of data from Mercor, including 939 GB of source code, and offered to sell the files to the highest bidder."
"High-profile extortion groups like Lapsus$ are now working with TeamPCP, believed to be responsible for the Trivy and LiteLLM supply chain attacks."
"Cisco is aware of the Trivy supply-chain issue affecting the industry and has launched an assessment, stating no evidence of impact on customers or services has been found."
Mercor acknowledged being one of many companies impacted by the LiteLLM supply-chain attack. The company reported a data breach involving the theft of 4 TB of data, including 939 GB of source code, by the Lapsus$ group. Mercor's security team is actively working to contain the incident and is conducting a thorough investigation with third-party forensics experts. The breach is part of a larger trend of high-profile extortion groups collaborating on supply chain attacks, as seen with other companies like Cisco, which is also investigating the Trivy compromise.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]