TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised…
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS,…
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
The second wave of the Shai-Hulud supply chain attack has spilled over…
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Apr 04, 2025Ravie LakshmananVulnerability / Open Source, The cascading supply chain attack…
GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover
Aug 15, 2024Ravie LakshmananCloud Security / DevOps A newly discovered attack vector…
Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks
Jul 09, 2024NewsroomCI/CD Security / Server Security Cybersecurity researchers have found that…