Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 1 Apr 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
| Hacking Topics, Security Operation Center |
TeamPCP is weaponizing the fruits of its extensive supply chain attacks, using stolen credentials to access cloud and software-as-a-service (SaaS) environments.
The threat group this month compromised several open source software projects, starting with Trivy, an Aqua Security-maintained security scanner, and KICS, a Checkmarx-developed tool for static code analysis. More recently, TeamPCP actors hit LiteLLM, an open source Python library, and the PyPi package of Telnyx, which developers use for voice AI agents. More here
Chained Bypasses Exfiltrate Data Via Hidden AI Prompts More...
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuratio… More...
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the int… More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
Chained Bypasses Exfiltrate Data Via Hidden AI Prompts More...
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuratio… More...
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the int… More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
