SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.
Security Boulevard

7 Enterprise Infrastructure Tools That Eliminate Months of Engineering Work

Discover 7 enterprise infrastructure tools that reduce engineering workload, speed deployment, and eliminate months of manual setup ...
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

CNCF Welcomes 21 New Silver Members As Global Demand Surges for Observability, AI, and Secure Cloud Native Infrastructure

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the addition of 21 new Silver Members, Silver End Users, and Non-Profit ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker ...

Clutch Names Excellent Webworld a Top Performer in AI, ML, App, SaaS, and Software Development Services Across the U.S

Excellent Webworld earns multi-category recognition from Clutch, highlighting 15+ years of client-verified excellence ...

As "Spamalot" returns to L.A., Eric Idle is feeling sentimental about his epic career

As "Spamalot" returns to the Hollywood Pantages, Eric Idle says of absurdist comedy, "these are the sort of times when we need it." ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of credential-harvesting malware to thousands of AI developers.