Supply-Chain
FBI Classifies Salt Typhoon Breach of Wiretap Infrastructure as 'Major Cyber Incident'
The FBI has formally classified the Salt Typhoon compromise of its DCSNet wiretap system as a FISMA major incident, the bureau's first such designation since 2020.
Dead Drops on the Chain: Why Blockchain Became the C2 Infrastructure Defenders Can't Take Down
From EtherHiding to CanisterWorm to GlassWorm — attackers spent three years systematically proving that blockchain is the unkillable C2 channel. Here's how each technique works and what you can actually do about it.
TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect
TeamPCP poisoned Trivy, KICS, LiteLLM, and Telnyx across GitHub Actions and PyPI in March 2026, harvested ~300 GB of CI/CD secrets, breached Cisco and AstraZeneca, and has now partnered with Vect RaaS to convert stolen credentials into ransomware deployments.
TrueConf Zero-Day Weaponized by Chinese-Nexus APT to Backdoor Southeast Asian Governments
Operation TrueChaos exploited CVE-2026-3502 in TrueConf's update mechanism to push Havoc C2 payloads across government networks via a compromised on-premises server.
Axios npm Hijacked: Compromised Maintainer Account Drops Cross-Platform RAT in 100M-Download Package
DPRK-linked UNC1069 compromised the axios npm maintainer's account and published two backdoored versions that deployed the WAVESHAPER.V2 RAT to macOS, Windows, and Linux. The axios package is present in ~80% of cloud environments.
CanisterWorm and GlassWorm: Two Independent Supply Chain Attacks Using Blockchain as C2
Both attacks use blockchain infrastructure — ICP and Solana respectively — as command-and-control channels. Trivy itself was compromised.