notice: please create a custom view template for the cybersec class view-cybersec.html
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. [...]
12:10 am, March 25, 2026
guid
https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
source_url
https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
author_name
Lawrence Abrams
id: 341
uid: orxHI
insdate: 2026-03-25 00:10:10
title: Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
additional: The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. [...]
category: Cybersecurity
md5:
guid: https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
source_url: https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
updated:
image:
author_name: Lawrence Abrams
author_link:
uid: orxHI
insdate: 2026-03-25 00:10:10
title: Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
additional: The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. [...]
category: Cybersecurity
md5:
guid: https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
source_url: https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/
updated:
image:
author_name: Lawrence Abrams
author_link:
Add Comment
AI Testing
Page Views
This page has been viewed 1 times.
Search cybersec
Category List cybersec
- Cybersecurity
- /proxy/ URL scans with IP addresses, (Mon, Mar 16th)
- 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
- 2026 Browser Data Reveals Major Enterprise Security Blind Spots
- 5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
- 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
- 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
- 7 Ways to Prevent Privilege Escalation via Password Resets
- 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
- A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
- AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
- AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
- AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
- AI-generated Slopoly malware used in Interlock ransomware attack
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
- APT28 hackers deploy customized variant of Covenant open-source tool
- APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
- Alabama man pleads guilty to hacking, extorting hundreds of women
- Amazon: Drone strikes damaged AWS data centers in Middle East
- Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
- Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
- Android gets patches for Qualcomm zero-day exploited in attacks
- Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
- Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
- Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
- Apple patches older iPhones and iPads against Coruna exploits
- Apple pushes first Background Security Improvements update to fix WebKit flaw
- AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
- Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
- Aura confirms data breach exposing 900,000 marketing contacts
- Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
- Betterleaks, a new open-source secrets scanner to replace Gitleaks
- Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
- Bitrefill blames North Korean Lazarus group for cyberattack
- Bitwarden adds support for passkey login on Windows 11
- Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
- Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
- CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
- CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
- CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks
- CISA flags Wing FTP Server flaw as actively exploited in attacks
- CISA orders feds to patch DarkSword iOS flaws exploited attacks
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks
- CISA orders feds to patch max-severity Cisco flaw by Sunday
- CISA orders feds to patch n8n RCE flaw exploited in attacks
- CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
- CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
- CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
- CISA: Recently patched Ivanti EPM flaw now actively exploited
- Can the Security Platform Finally Deliver for the Mid-Market?
- Canadian retail giant Loblaw notifies customers of data breach
- China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
- Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
- Chinese state hackers target telcos with new malware toolkit
- Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
- Cisco flags more SD-WAN flaws as actively exploited in attacks
- Cisco warns of max severity Secure FMC flaws giving root access
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
- Claude Code Security and Magecart: Getting the Threat Model Right
- ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
- Cognizant TriZetto breach exposes health data of 3.4 million patients
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets
- ConnectWise patches new flaw allowing ScreenConnect hijacking
- Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
- Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
- Critical Microsoft SharePoint flaw now exploited in attacks
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
- Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
- Crunchyroll probes breach after hacker claims to steal 6.8M users' data
- CyberStrikeAI tool adopted by hackers for AI-powered attacks
- DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
- DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
- Detecting IP KVMs, (Tue, Mar 24th)
- Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
- DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
- Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
- Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
- Dutch Ministry of Finance discloses breach affecting employees
- Dutch govt warns of Signal, WhatsApp account hijacking attacks
- EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
- EU court adviser says banks must immediately refund phishing victims
- Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
- England Hockey investigating ransomware data breach
- Ericsson US discloses data breach after service provider hack
- Europe sanctions Chinese and Iranian firms for cyberattacks
- Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
- Europol-coordinated action disrupts Tycoon2FA phishing platform
- Ex-data analyst stole company data in $2.5M extortion scheme
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
- FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
- FBI arrests suspect linked to $46M crypto theft from US Marshals
- FBI investigates breach of surveillance and wiretap systems
- FBI links Signal phishing attacks to Russian intelligence services
- FBI seeks victims of Steam games used to spread malware
- FBI seizes Handala data leak site after Stryker cyberattack
- FBI seizes LeakBase cybercrime forum, data of 142,000 members
- FBI warns of Handala hackers using Telegram in malware attacks
- FBI warns of phishing attacks impersonating US city, county officials
- FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
- FCC bans new routers made outside the USA over security risks
- Facebook accounts unavailable in worldwide outage
- Fake Claude Code install guides push infostealers in InstallFix attacks
- Fake Google Security site uses PWA app to steal credentials, MFA codes
- Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
- Fake LastPass support email threads try to steal vault passwords
- Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
- Fake enterprise VPN downloads used to steal company credentials
- Fake enterprise VPN sites used to steal company credentials
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
- Firefox now has a free built-in VPN with 50GB monthly data limit
- Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
- Florida woman imprisoned for massive Microsoft license fraud scheme
- FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
- From VMware to what’s next: Protecting data during hypervisor migration
- GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
- Ghanain man pleads guilty to role in $100 million fraud ring
- Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
- GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
- GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
- GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
- Going the Extra Mile: Travel Rewards Turn into Underground Currency.
- Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
- Google Chrome shifts to two-week release cycle for increased stability
- Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
- Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
- Google adds ‘Advanced Flow’ for safe APK sideloading on Android
- Google fixes two new Chrome zero-days exploited in attacks
- Google paid $17.1 million for vulnerability reports in 2025
- Google says 90 zero-days were exploited in attacks last year
- Google: Cloud attacks exploit flaws more than weak credentials
- HPE warns of critical AOS-CX flaw allowing admin password resets
- Hacker mass-mails HungerRush extortion emails to restaurant patrons
- HackerOne discloses employee data breach after Navia hack
- Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
- Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
- Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
- Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
- How AI Assistants are Moving the Security Goalposts
- How CISOs Can Survive the Era of Geopolitical Cyberattacks
- How Ceros Gives Security Teams Visibility and Control in Claude Code
- How Deepfakes and Injection Attacks Are Breaking Identity Verification
- How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
- How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
- How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
- INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
- IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
- ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)
- ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
- ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)
- ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)
- ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
- ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)
- ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
- ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
- ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)
- ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
- ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)
- ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)
- ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
- ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
- ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
- ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)
- ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
- Infinite Campus warns of breach after ShinyHunters claims data theft
- Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
- Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
- International joint action disrupts world’s largest DDoS botnets
- Investigating a New Click-Fix Variant
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
- Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
- KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
- Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
- LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
- LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks
- LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
- LexisNexis confirms data breach as hackers leak stolen files
- Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
- Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
- Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
- Manager of botnet used in ransomware attacks gets 2 years in prison
- Marquis: Ransomware gang stole data of 672K people in cyberattack
- Max severity Ubiquiti UniFi flaw may allow account takeover
- Mazda discloses security breach exposing employee and partner data
- Medtech giant Stryker offline after Iran-linked wiper malware attack
- Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
- Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
- Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
- Microsoft 365 Backup to add file-level restore for faster recovery
- Microsoft Azure Monitor alerts abused for callback phishing attacks
- Microsoft Azure Monitor alerts abused in callback phishing campaigns
- Microsoft Exchange Online outage blocks access to mailboxes
- Microsoft Exchange Online service change causes email access issues
- Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
- Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
- Microsoft Patch Tuesday, March 2026 Edition
- Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
- Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
- Microsoft Teams phishing targets employees with A0Backdoor malware
- Microsoft Teams phishing targets employees with backdoors
- Microsoft Teams will tag third-party bots trying to join meetings
- Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
- Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
- Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
- Microsoft fixes bug causing Classic Outlook sync issues with Gmail
- Microsoft investigates classic Outlook sync and connection issues
- Microsoft pulls Samsung app blocking Windows C: drive from Store
- Microsoft releases Windows 10 KB5078885 extended security update
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
- Microsoft shares fix for Windows C: drive access issues on Samsung PCs
- Microsoft still working to fix Windows Explorer white flashes
- Microsoft stops force-installing the Microsoft 365 Copilot app
- Microsoft to enable Windows hotpatch security updates by default
- Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
- Microsoft: Hackers abuse OAuth error flows to spread malware
- Microsoft: Hackers abusing AI at every stage of cyberattacks
- Microsoft: March Windows updates break Teams, OneDrive sign-ins
- Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
- Mississippi medical center reopens clinics hit by ransomware attack
- Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
- Musician admits to $10M streaming royalty fraud using AI bots
- Navia discloses data breach impacting 2.7 million people
- New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
- New 'Zombie ZIP' technique lets malware slip past security tools
- New BeatBanker Android malware poses as Starlink app to hijack devices
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
- New KB5085516 emergency update fixes Microsoft account sign-in
- New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
- New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
- New PhantomRaven NPM attack wave steals dev data via 88 packages
- New RFP Template for AI Usage Control and AI Governance
- New Windows 11 hotpatch fixes Bluetooth device visibility issue
- New font-rendering trick hides malicious commands from AI tools
- New ‘BlackSanta’ EDR killer spotted targeting HR departments
- New ‘Perseus’ Android malware checks user notes for secrets
- New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
- New “Darksword” iOS exploit used in infostealer attack on iPhones
- Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
- Nordstrom's email system abused to send crypto scams to customers
- North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
- Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
- OpenAI rolls out ChatGPT Library to store your personal files
- OpenAI says ChatGPT ads are not rolling out globally for now
- OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
- Oracle pushes emergency fix for critical Identity Manager RCE flaw
- PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
- Paint maker giant AkzoNobel confirms cyberattack on U.S. site
- Phobos ransomware admin pleads guilty to wire fraud conspiracy
- Poland's nuclear research centre targeted by cyberattack
- Police dismantles online gambling ring exploiting Ukrainian women
- Police sinkholes 45,000 IP addresses in cybercrime crackdown
- Police take down 373,000 fake CSAM sites in Operation Alice
- Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack
- Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
- Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
- Ransomware gang exploits Cisco flaw in zero-day attacks since January
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
- Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
- SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
- Scans for "adminer", (Wed, Mar 18th)
- Shadow AI is everywhere. Here’s how to find and secure it.
- ShinyHunters claims ongoing Salesforce Aura data theft attacks
- Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
- SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
- SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
- SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)
- Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
- Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
- Star Citizen game dev discloses breach affecting user data
- Starbucks discloses data breach affecting hundreds of employees
- Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
- Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
- Stryker attack wiped tens of thousands of devices, no malware needed
- Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
- TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
- TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
- TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
- TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
- Telus Digital confirms breach after hacker claims 1 petabyte data theft
- Termite ransomware breaches linked to ClickFix CastleRAT attacks
- The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
- The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
- The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
- The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
- The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
- The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
- Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
- ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
- ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
- ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
- Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)
- Top 5 Things CISOs Need to Do Today to Secure AI Agents
- Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
- Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
- Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
- Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
- Trivy supply-chain attack spreads to Docker, GitHub repos
- Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
- Tycoon2FA phishing platform returns after recent police disruption
- U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
- UH Cancer Center data breach affects nearly 1.2 million people
- UK warns of Iranian cyberattack risks amid Middle-East conflict
- UK’s Companies House confirms security flaw exposed business data
- UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
- UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
- US charges another ransomware negotiator linked to BlackCat attacks
- US disrupts SocksEscort proxy network powered by Linux malware
- Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
- Varonis Atlas: Securing AI and the Data That Powers It
- Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
- Veeam warns of critical flaws exposing backup servers to RCE attacks
- VoidStealer malware steals Chrome master key via debugger trick
- Want More XWorm?, (Wed, Mar 4th)
- We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
- Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
- What Boards Must Demand in the Age of AI-Automated Exploitation
- WhatsApp introduces parent-managed accounts for pre-teens
- When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)
- Where Multi-Factor Authentication Stops and Credential Abuse Starts
- Why Password Audits Miss the Accounts Attackers Actually Want
- Why Security Validation Is Becoming Agentic
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages
- Windows 10 KB5075039 update fixes broken Recovery Environment
- Windows 11 KB5079473 & KB5078883 cumulative updates released
- WordPress membership plugin bug exploited to create admin accounts
- YARA-X 1.14.0 Release, (Sat, Mar 7th)
- Yanluowang ransomware access broker gets 81 months in prison
- Zero Trust: Bridging the Gap Between Authentication and Trust
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
- ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
- ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
- ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
- ⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More