Official Checkmarx Jenkins package compromised with infostealer
… A company spokesperson confirmed to BleepingComputer that the threat actor obtained credentials to the repositories from the Trivy supply-chain attack in March. …
Tracked topic
Trivy is an open source vulnerability scanner for container images, files, and code that detects known security issues in software dependencies.
… The Trivy breach also affected the LiteLLM open-source Python library in an attack that infected tens of thousands of devices with its "TeamPCP Cloud Stealer" information-stealing malware. …
…The Linux distribution maintainers confirmed that crashing NGINX worker processes via a crafted request is trivial and reliable, making denial-of-service attacks realistic. However, they stated that turning the heap overflow…
… TeamPCP is a cloud-focused threat group known for high-profile supply-chain breaches against Aqua Security’s Trivy scanner, the LiteLLM and Telnyx PyPI packages, and more recently, SAP npm packages. …