#teampcp

[ follow ]
#cybersecurity #malware #data-breach #shinyhunters #supply-chain-attack #open-source #open-source-software
#cybersecurity
fromTNW | Eu
2 weeks ago
Information security

European Commission breached after hackers poisoned open-source security tool Trivy

fromTechCrunch
2 weeks ago
EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

fromThe Hacker News
3 weeks ago
Information security

TeamPCP Backdoors LiteLLM Versions 1.82.7-1.82.8 Likely via Trivy CI/CD Compromise

TeamPCP compromised the litellm Python package, embedding malicious versions that include a credential harvester and a persistent backdoor.
Information security
fromTNW | Eu
2 weeks ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.
EU data protection
fromTechCrunch
2 weeks ago

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.
Information security
fromSecurityWeek
3 weeks ago

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

TeamPCP hacking group expanded its attacks to multiple platforms, exploiting vulnerabilities and compromising credentials for malicious purposes.
Information security
fromThe Hacker News
3 weeks ago

TeamPCP Backdoors LiteLLM Versions 1.82.7-1.82.8 Likely via Trivy CI/CD Compromise

TeamPCP compromised the litellm Python package, embedding malicious versions that include a credential harvester and a persistent backdoor.
more#cybersecurity
Information security
fromFortune
2 weeks ago

Mercor, a $10 billion AI startup, confirms it was caught up in a major security incident | Fortune

Mercor confirmed a security breach linked to a supply chain attack that may have exposed sensitive data of its customers.
fromSecurityWeek
2 weeks ago

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.
Python
fromArs Technica
3 weeks ago

Self-propagating malware poisons open source software and wipes Iran-based machines

CanisterWorm, as Aikido has named the malware, targets organizations' CI/CD pipelines used for rapid development and deployment of software. Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector.
Information security
Information security
fromThe Hacker News
2 months ago

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

A worm-driven TeamPCP campaign exploited exposed cloud-native services and React2Shell to build malicious infrastructure for data theft, extortion, ransomware, and crypto mining.
[ Load more ]