The FBI has released a PSA about TeamPCP, a data extortion group blamed for what's been called the longest running streak of software supply-chain hacks ever. TeamPCP is responsible for a godawful number of popular code packages getting backdoored over the past six months. In the process they've compromised even more repos in a wormlike fashion, including a number of security tools like Trivy/Aqua Security, CheckMarx, and LiteLLM. TeamPCP also recently compromised GitHub, infecting at least 3,800 repositories with credential-stealing malware.
BrianKrebs
@briankrebs@infosec.exchange
Independent investigative journalist. Covers cybercrime, security, privacy. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter, '95-'09. Signal: briankrebs.07
krebsonsecurity @ gmail .com
Linkedin: https://www.linkedin.com/in/bkrebs
- website
- https://krebsonsecurity.com
Replying to @syntaxseed@phpc.social
@syntaxseed Nah she won't hardly let you touch her giant ears. She certainly wouldn't stand for anything on her head.
Really not looking forward to back-to-back thunderstorms AND the local yokels setting off their usual barrage of fireworks well into the night. Our German Shepherd barks her head off at thunder and fireworks, and the only way I can get her to stop is put her in the car and sit w/ her and listen to an audiobook or playlist loudly to drown out the booms. On the bright side, I'll probably finish an audiobook tonight, lol.
Where do I send the bill? My 1 percent ranking might seem l33t on the surface, but it just means my content is more heavily plagiarized than most in my particular genre. I guess plagiarism really is the sincerest form of flattery.
