Login Subscribe

Vulnerabilities & Exploits

Supply‑Chain Backdoor Inserted into LiteLLM via Compromised Trivy CI/CD

Supply‑Chain Backdoor Inserted into LiteLLM via Compromised Trivy CI/CD

Researchers have identified that the threat actor group TeamPCP compromised the Trivy container‑image scanner used in the LiteLLM CI/CD pipeline. By injecting malicious code into the open‑source LiteLLM library during the build process, they created a persistent backdoor that activates whenever the library handles a Large Language

FBI-led Sweep Shuts Down Massive IoT Botnets Behind Recent DDoS Floods

Federal investigators, led by the FBI and supported by international law‑enforcement partners, dismantled the command‑and‑control infrastructure of several large IoT botnets that had been weaponized in high‑volume DDoS campaigns. The operation seized dozens of hosting accounts, redirected malicious traffic, and worked with affected device manufacturers to

Backdoored Trivy Scanner Fuels Supply‑Chain Worm in CI/CD Pipelines

Backdoored Trivy Scanner Fuels Supply‑Chain Worm in CI/CD Pipelines

The open‑source Trivy vulnerability scanner was compromised and a covert backdoor was added to its official binary releases and the accompanying GitHub Actions workflow files. Attackers leveraged the trusted distribution channel to inject malicious payloads that automatically executed when developers pulled the scanner or used the pre‑built CI

Active Telescope Reveals Global React2Shell Exploit Campaign

Researchers used an active network telescope—a set of routable IP addresses that respond to unsolicited traffic—to capture and dissect internet‑scale abuse of the React2Shell vulnerability. By probing the telescope, they observed thousands of malicious connection attempts, identified the geographic sources of the attacks, classified victim host types,

Unified Validation Stack: End Fragmented Security Gaps

Unified Validation Stack: End Fragmented Security Gaps

The security community is witnessing a shift toward “agentic” validation, where isolated tools—like breach‑and‑attack simulations, manual pentests, and vulnerability scanners—miss the full picture of multi‑stage attacks. When each tool operates in its own silo, the data it generates can’t be correlated, allowing attackers to

New Framework Ties Metrics to KRIs, Boosting Vulnerability Prioritization

New Framework Ties Metrics to KRIs, Boosting Vulnerability Prioritization

Researchers have released a paper outlining a quantitative framework that links security performance metrics—such as patch latency, exploit prevalence, detection time, and remediation speed—to Key Risk Indicators (KRIs). By converting these operational data points into a unified risk exposure score for each asset or vulnerability, the model enables