Official CheckMarx Jenkins package compromised with infostealer
… A company spokesperson confirmed to BleepingComputer that the threat actor obtained credentials to the repositories from the Trivy supply-chain attack in March. …
Tracked topic
Trivy is an open source vulnerability scanner for container images, files, and code that detects known security issues in software dependencies.
… A company spokesperson confirmed to BleepingComputer that the threat actor obtained credentials to the repositories from the Trivy supply-chain attack in March. …
… The Trivy breach also affected the LiteLLM open-source Python library in an attack that infected tens of thousands of devices with its "TeamPCP Cloud Stealer" information-stealing malware. …
…Although the injected commands do not initially run as root, the researchers found that the affected service account's sudo privileges make privilege escalation trivial. According to Bishop Fox, no credentials, user…
…The Linux distribution maintainers confirmed that crashing NGINX worker processes via a crafted request is trivial and reliable, making denial-of-service attacks realistic. However, they stated that turning the heap overflow…
…This behavior makes it trivial for unauthenticated attackers to generate password reset links for any user registered on the site to email addresses under their control, easily hijacking them. Once an attacker…
…The flaw does not have an identifier and is trivial to exploit with a single HTTP request. It impacts phpBB versions 4.0.0-a2 or 3.3.16 and below. Researchers…
… TeamPCP is a cloud-focused threat group known for high-profile supply-chain breaches against Aqua Security’s Trivy scanner, the LiteLMM and Telnyx PyPI packages, and more recently, SAP npm packages . …
…According to some reporters, the account-hijacking attacks were trivial. The activity involved chatting with Meta’s AI assistant, convincing it that the attacker was the legitimate account owner, and tricking it…
… Download Now Related Articles: TeamPCP hackers advertise Mistral AI code repos for sale Official SAP npm packages compromised to steal credentials Shai Hulud attack ships signed malicious TanStack, Mistral npm packages Bitwarden CLI npm package compromised to steal developer credentials Trivy vulne… …
… The Sportradar case was linked to a compromised Trivy scanner and included exposure of sensitive operational material such as database passwords, API key and secret pairs, Kafka credentials, and monitoring tokens. …