InfoWorld

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Global Investigative Journalism Network

Making Tech Surveillance a Reporting Beat

This chapter of GIJN's Tech Focus project highlights the need for a systemic push back against AI-enabled surveillance, which ...

10 iconic movies scenes that were only added at the last minute

Regardless of how hostile filming a movie might be, there’s always a chance that filmmakers have to alter originally planned ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...