The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Reimaging professional and educational practices for an AI-augmented future.

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...

Third-party resellers and brokers foil transparency efforts and allow spyware to spread despite government restrictions, a ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

2026年、日本で相次いだ大規模サイバー侵害。その多くは高度なハッキングではなかった。攻撃者が使ったのは、企業が放置していた「有効な認証情報」だ。いま問題になっているのは、脆弱性ではなくアクセス管理そのものである。

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects ...

Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical ...

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...