The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Reimaging professional and educational practices for an AI-augmented future.

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Third-party resellers and brokers foil transparency efforts and allow spyware to spread despite government restrictions, a ...

2026年、日本で相次いだ大規模サイバー侵害。その多くは高度なハッキングではなかった。攻撃者が使ったのは、企業が放置していた「有効な認証情報」だ。いま問題になっているのは、脆弱性ではなくアクセス管理そのものである。

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

AI管理ライブラリの「LiteLLM」がサプライチェーン攻撃を受け、一時的に悪意ある変更を含んだマルウェア版が配布されていたことが判明しました。LiteLLMのマルウェア版ではユーザーのSSHキーやAPIキーを盗み出すスクリプトが動作していたことも判 ...

Dangerous iPhone hack code tied to DarkSword has reportedly leaked onto GitHub, raising fresh risks for users with older ...

The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects ...

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...