New research shows that a signed Git commit's hash is not the one-of-a-kind name that much of the software world assumes it to be. Given any signed commit, someone without the signing key can mint a ...
The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...
A real-time conflict intelligence platform with live geospatial maps, GDELT-powered news ingestion, and economic-impact analytics for the 2026 Iran conflict (Operation Epic Fury). Built as a portfolio ...
On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors ...
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, ...
The malware performs three stages: credential collection (process memory dump + filesystem sweep), AES-256/RSA-4096 encryption, and exfiltration to attacker infrastructure with a GitHub fallback. Flag ...
Modern web applications operate in an environment where bots probe public-facing endpoints within minutes of deployment, bug-bounty hunters comb through newly merged pull requests, and nation-state ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results