MITRE ATT&CK — FreeIntelHub

T1195 — Supply Chain Compromise (Initial Access)

86 articles found

GBHackers Campaigns Mar 26

Fake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain Attack

Fake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post‑install scripts to silentl...

T1204 T1195

GBHackers →

GBHackers CVE Microsoft Mar 26

Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack

Aqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prio...

T1195 1 IOC

GBHackers →

SC Media Campaigns Mar 25

TeamPCP supply chain attack hits LiteLLM PyPI package

Widely used open-source Python package LiteLLM has been targeted by the TeamPCP threat operation to facilitate extensive data compromise as part of its Trivy...

T1195

SC Media →

The Record Supply Chain Mar 25

Supply chain attack hits widely-used AI package, risks impacting thousands of companies

The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can pr...

T1195

The Record →

GBHackers CVE Docker Mar 25

GoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry Compromise

A critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnera...

T1195 T1598 1 IOC

GBHackers →

CSO Online Data Breach Google Cisco Mar 25

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterpri...

T1195 T1598

CSO Online →

Help Net Security Supply Chain Mar 25

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose t...

T1195

Help Net Security →

HackRead Campaigns Mar 25

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.

T1078 T1195

HackRead →

Security Affairs Data Breach Kubernetes Mar 25

Malicious LiteLLM versions linked to TeamPCP supply chain attack

TeamPCP backdoored LiteLLM v1.82.

T1195

Security Affairs →

Microsoft Security Blog TTPs Microsoft Mar 25

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through th...

T1195

Microsoft Security Blog →

The Hacker News Campaigns GitHub Mar 24

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-nativ...

T1195 T1598

The Hacker News →

HackRead Supply Chain Kubernetes Mar 23

New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper

CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload.

T1195

HackRead →

Infosecurity Magazine Malware Docker Mar 23

Trivy Supply Chain Attack Expands With New Compromised Docker Images

New Trivy Docker images 0.69.

T1195

Infosecurity Magazine →

Security Affairs Data Breach GitHub Docker Mar 23

44 Aqua Security repositories defaced after Trivy supply chain breach

Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on...

T1195 T1491

Security Affairs →

The Hacker News Malware SAP Mar 23

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still igno...

T1195

The Hacker News →

The Hacker News Malware Docker Kubernetes Mar 23

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening bl...

T1195

The Hacker News →

The Hacker News Malware Mar 21

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the co...

T1195

The Hacker News →

CSO Online Data Breach GitHub Mar 21

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub A...

T1195

CSO Online →

CrowdStrike Blog Supply Chain Mar 20