Search

theregister.com › security › 2026 › …

LiteLLM infected with credential-stealing code via Trivy

… The software was subverted on March 19, when attackers referred to as TeamPCP used compromised credentials to publish a malicious Trivy release v0.69.4 , and again on March 22, when malicious Trivy versions v0.69.5 and v0.69.6 were published as DockerHub images. …

Mar 24, 2026 · Thomas Claburn

theregister.com › special-features › 2026 › …

1K+ cloud environments infected via Trivy attack

… Socket and Google-owned Wiz researchers over the weekend determined that the attack compromised multiple components of the Trivy project: the core scanner, the trivy-action GitHub Action, and the setup-trivy GitHub Action, and force-pushed 75 out of 76 trivy-action tags to malicious versions, meani… …

Mar 24, 2026 · Jessica Lyons

theregister.com › security › 2026 › …

Mercor says it was 'one of thousands' hit in LiteLLM attack

… Following a report that TeamPCP also breached Cisco's internal development environment and stole source code from credentials swiped via the Trivy attack, Cisco told The Register that it is "aware of the Trivy supply-chain issue that is affecting the industry." MORE CONTEXT 1K+ cloud environments i… …

Apr 2, 2026 · Jessica Lyons

theregister.com › security › 2026 › …

Two different attackers poisoned popular open source tools

… Then, just two weeks after Trivy, another supply chain attack hit a different open-source library. …

Apr 11, 2026 · Jessica Lyons

theregister.com › security › 2026 › …

Telnyx package latest hit in PyPI supply-chain compromise

Cyber-crime Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more INFOSEC IN BRIEF The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing mal… …

Mar 30, 2026 · Brandon Vigliarolo

theregister.com › security › 2026 › …

Fake Linux Foundation leader using Slack to phish devs

… First, attackers hit Trivy , a vulnerability scanner with more than 100,000 users and contributors that is embedded in thousands of CI/CD pipelines. …

Apr 13, 2026 · Jessica Lyons

theregister.com › security › 2026 › …

Gartner suggests Friday afternoon Copilot ban

…be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job Gartner analyst Dennis Xu has half-jokingly suggested banning use of Microsoft’s Copilot AI…

Mar 17, 2026 · Simon Sharwood

theregister.com › security › 2026 › …

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

…many deployments still rely on default credentials – the ever-reliable "admin:admin" –  making initial access trivial. Worse, on certain versions (6.0.0 through 6.1.1), an older flaw, CVE-2024…

Apr 17, 2026 · Carly Page

theregister.com › on-prem › 2026 › …

Microsoft raises UK Surface prices as RAM shortage bites

…up, and not by a trivial amount. Microsoft – which recently reported a 60 percent jump in profits – is pointing the finger at component prices. "Due to recent increases in memory and component…

Apr 14, 2026 · Carly Page

theregister.com › software › 2026 › …

Usage-based billing muddles software vendor pricing

… MORE CONTEXT Anthropic struggling with Chinese competition, its own safety obsession OpenAI patches ChatGPT flaw that smuggled data over DNS Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach SAP looking to pull more external data into its AI platform with Reltio acquisition… …

Mar 31, 2026 · Thomas Claburn