The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

Open Wallet Standard launches with 21 firms enabling secure local key storage and multi chain signing for AI agents.

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and lateral spread.

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...

Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical ...

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.

Earlier this year, Google expanded its AI-powered search summaries to Gmail, giving users a quicker way to find relevant information in their inbox. Now, the company is bringing AI Overviews to Google ...

Nicole Charky-Chami is a senior editor based in Los Angeles, writing and producing breaking news. She teaches journalism courses for UCLA Extension and previously taught at Loyola Marymount University ...

Amid recent financial reports that more businesses report low productivity than has been seen in three decades, workspace analysts have recently shared how the physical work environment may be a ...

LiteLLM, a widely used AI developer tool, was hit by a supply chain attack through a malicious PyPI release. The malware stole credentials, spread across systems, and crashed machines. The incident ...