16h ago · 40 min read · TL;DR — Read This First On March 19, 2026 at approximately 17:43 UTC, threat actor group TeamPCP silently redirected trivy-action@0.34.2 — a real, trusted release already running in thousands of CI/CD
Join discussion
9h ago · 6 min read · Originally published on satyamrastogi.com TeamPCP exploited European Commission cloud infrastructure to breach 30+ EU entities. Attack chain involved supply chain compromise, lateral movement across federated systems, and data exfiltration at scale....
Join discussion
1d ago · 2 min read · Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. Progress ShareFile is a document sharing and collaboration product ty...
Join discussion
1d ago · 6 min read · * Fraud operations have expanded beyond traditional hacking techniques to include methods that exploit legitimate services and real-world infrastructure. By combining publicly available data, weak identity verification processes, and operational gaps...
Join discussion
2d ago · 2 min read · Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. "Google is aware that an exploit for CVE-2026-5281 exists in the wild," Go...
Join discussion
3d ago · 3 min read · Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. According to reports from software supply chain security and applicati...
Join discussion
3d ago · 4 min read · Overview Cybersecurity researchers have discovered more malicious artifacts on Docker Hub related to a supply chain attack targeting the vulnerability scanner Trivy. This incident not only involves ma
Join discussion
3d ago · 12 min read · Summary of the campaign The APT group TA446 — linked to the Russian Federal Security Service (FSB), widely known as COLDRIVER, Callisto, and Star Blizzard — has made an unprecedented tactical shift: t
Join discussion
4d ago · 8 min read · The market for , or AI SOC agents as Gartner calls them, is moving fast. Dozens of startups have entered the space in the past 18 months, each promising to transform how security operations teams handle alert triage, investigation, and response. The ...
Join discussion
4d ago · 3 min read · Cybersecurity firm F5 Networks has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. BIG-IP APM...
Join discussion
