SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...
SecurityWeek

Extortion Group Claims It Hacked AstraZeneca

The Lapsus$ extortion group has claimed the theft of 3GB of data from AstraZeneca, including internal code repositories and ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
PCMag

US Disrupts Aisuru, Botnet Behind Record-Breaking 30Tbps DDoS Attacks

In total, the operation went after four botnets, estimated to have infected millions of devices across the globe, including TV boxes, web cameras and Wi-Fi routers.
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
TechCrunch

Wikipedia blacklists Archive.today after alleged DDoS attack

Wikipedia editors have decided to remove all links to Archive.today, a web archiving service that they said has been linked to more than 695,000 times across the online encyclopedia. Archive.today — ...
Reuters

German railway booking systems hit by DDoS attack

Feb 18 (Reuters) - The booking and information systems for Germany's railway operator are back online for all customers after being disrupted by a Distributed Denial-of-Service (DDoS) attack on ...