Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: TeamPCP

IronWorm Malware Shares Shai-Hulud Traits, Takes Threat to 'Next Level'

IronWorm Malware Shares Shai-Hulud Traits, Takes Threat to ‘Next Level’

| | ebpf, IronWorm, jfrog, malware, Miasma, OX Security, Rust programming language, Shai-Hulud worm, software developers, software supply chain attacks, TeamPCP
Open source software developers continue to come under attack, with the latest threat being a custom malware that shares many of the attributes of the notorious Shai-Hulud self-propagating worm but comes with ...
Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages

Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages

| | Aikido Security, CI/CD (Continuous Integration/Continuous Deployment), Cloud Security, credential security, GitHub Actions, leaked secrets, npm malware, Orca Security, Shai-Hulud worm, TeamPCP, Wiz
The threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad ...
Widespread Mini Shai-Hulud Campaign Is a Matter of Trust

Widespread Mini Shai-Hulud Campaign Is a Matter of Trust

| | 360 Privacy, AI supply chain attacks, Aikido Security, CI/CD security, credentials, Endor Labs, npm malware, Pathlock, Sectigo, Shai-Hulud worm, TeamPCP, trust in technology
The latest series of attacks using the notorious Shai-Hulud worm puts into sharp focus the threats facing software developers and their CI/CD pipelines, an issue that has been raised in recent months ...
open source, software, security, open-source, Lineaje, Linux, open source, report, study, Open source code

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project

| | Axios, CI/CD, Google Threat Intelligence Group, JavaScript dependencies, Mandiant, North Korea, remote access trojan (RAT), Socket, sonatype, supply chain attack, TeamPCP
The threat actor targeted a highly popular open source project with more than 100 million weekly downloads, creating a large "blast radius." ...
supply chain, software, Checkmarx, data, Endor, SCA, supply chain, security, workflows, supply chain, software, supply chain security, appsec, polyfill, software, supply chains, DevOps, DevSecOps, Google supply chain

Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM

| | AI (Artificial Intelligence), AI supply chain attacks, Aqua Security Trivy, Checkmarx, Cloud Security, credentials, exposed secrets, GitHub Actions, LiteLLM, microsoft, Palo Alto Networks, Sysdig, TeamPCP
The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and ...