Incident
The 'Private-CISA' Leak: A Contractor Left GovCloud Keys and Artifactory Creds Public on GitHub for Six Months
A CISA contractor's public GitHub repo exposed AWS GovCloud admin keys, internal Artifactory credentials, and plaintext passwords to dozens of agency systems for roughly six months.
European Commission Confirms Cloud Breach — Trivy Supply Chain Attack Cascades Into 30+ EU Entities
The European Commission confirms a data breach affecting 30+ EU entities after the compromised Trivy scanner leaked AWS API keys to TeamPCP. ShinyHunters published 92 GB of stolen data.
TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect
TeamPCP poisoned Trivy, KICS, LiteLLM, and Telnyx across GitHub Actions and PyPI in March 2026, harvested ~300 GB of CI/CD secrets, breached Cisco and AstraZeneca, and has now partnered with Vect RaaS to convert stolen credentials into ransomware deployments.