> supply chain attack monitor
Tracking software supply chain compromises across package registries, build systems, and update mechanisms. Each incident is logged with affected packages, attack vector, severity, and links to full analysis.
Package: axios | Affected: 1.14.1, 0.30.4
DPRK-linked UNC1069 compromised the axios maintainer account and published backdoored versions (1.14.1, 0.30.4) deploying the WAVESHAPER.V2 RAT. 100M+ weekly downloads, ~80% cloud environment exposure.
Package: AppArmor (kernel) | Affected: Ubuntu default AppArmor profiles
CrackArmor research disclosed a chain of AppArmor bypasses enabling container escapes from Docker and Kubernetes pods on default Ubuntu configurations.
Package: aquasecurity/trivy-action, aquasecurity/setup-trivy, trivy binary | Affected: trivy-action/setup-trivy (pinned by tag, March 19); trivy binary v0.69.4, v0.69.5, v0.69.6
TeamPCP stole a GitHub PAT via a misconfigured pull_request_target workflow and force-pushed malicious commits to 76 of 77 Trivy version tags plus Docker Hub/GHCR/ECR. The TeamPCP Cloud Stealer harvested CI/CD secrets, SSH keys, cloud credentials, and K8s tokens from any pipeline that ran Trivy that day.
Package: checkmarx/kics-github-action, checkmarx/ast-github-action | Affected: kics-github-action (all tags via March 23 push); ast-github-action 2.3.28
TeamPCP force-pushed malicious commits to all 35 version tags of checkmarx/kics-github-action and poisoned ast-github-action v2.3.28, continuing the same credential-harvesting campaign as the Trivy compromise.
Package: litellm | Affected: 1.82.7, 1.82.8 (last clean: 1.82.6)
TeamPCP published two backdoored LiteLLM releases (1.82.7, 1.82.8) on PyPI containing the TeamPCP Cloud Stealer, which exfiltrates SSL/SSH keys, cloud credentials, K8s configs, API keys, and shell history.
Package: telnyx | Affected: 4.87.1, 4.87.2
TeamPCP published two backdoored Telnyx Python SDK releases (4.87.1, 4.87.2) on PyPI as part of the same credential-harvesting campaign targeting developer tooling.