Trivy is a tool tracked across 31 threat clusters and 59 intelligence report mentions on ThreatCluster. First observed March 3, 2026; most recent activity July 7, 2026.
In 2026, significant cybersecurity incidents have emerged, including a data breach at the US Social Security Administration (SSA) linked to the Department of Government Efficiency (DOGE) led by Elon Musk. Reports…
In 2026, cyberattacks have escalated from data theft to targeting critical infrastructure, affecting government systems, educational platforms, and medical technology companies. The U.S. Department of Government…
The TeamPCP threat group has expanded its supply chain attack campaign, compromising the Microsoft DurableTask Python client with versions v1.4.1, v1.4.2, and v1.4.3 found to contain a credential-stealing worm. This…
On March 24, 2026, two versions of the LiteLLM Python package (1.82.7 and 1.82.8) were compromised on PyPI, embedding credential-stealing payloads. The attack, linked to the TeamPCP threat actor, exploited a…
Cisco Systems has disclosed a critical authentication bypass vulnerability, CVE-2026-20093, affecting its Integrated Management Controller (IMC) with a CVSS score of 9.8. This flaw allows unauthenticated remote…
Checkmarx reported a malicious version of its Jenkins AST plugin was uploaded to the Jenkins Marketplace on May 9, 2026. This backdoored plugin, which affects security scans in Jenkins CI pipelines, poses a significant…
Recent research from Darktrace reveals the evolution of Chinese-nexus cyber operations over the past two decades, highlighting a shift from high-volume attacks to more strategic, identity-centric intrusions. This change…
On March 24, 2026, two malicious versions of the LiteLLM Python package (1.82.7 and 1.82.8) were published on PyPI, containing credential-stealing malware. The attack, attributed to the TeamPCP threat group, exploited…
The Trivy vulnerability scanner was compromised in a supply-chain attack by TeamPCP, which injected credential-stealing malware into official releases and GitHub Actions. The breach was disclosed on March 21, 2026, and…
AI recruiting startup Mercor confirmed it was impacted by a supply chain attack linked to the LiteLLM project, which has affected thousands of organizations. The breach was attributed to the hacking group TeamPCP, with…