#supplychainsecurity

Mercor Confirms 4TB Data Breach in Supply-Chain Attack: Mercor says Lapsus$ exfiltrated 4TB via LiteLLM; disclosure Apr 2, 2026 affects clients including OpenAI and Anthropic and raises supply‑chain risks. 👈 Read full analysis #DataBreach #SupplyChainSecurity #CyberSecurity #Lapsus #DataProtection

Weekly Cybersecurity News: Increased Focus on Supply Chain And Credentials To Expand Access
Supply chain attacks, spyware, and credential theft dominated this week focused on gaining access and control of targeted environments.

Read the full breakdown:
www.technadu.com/weekly-cyber...

What stands out most to you this week? Comment below 👇
#CyberSecurity #Infosec #ThreatIntelligence #SupplyChainSecurity #DataProtection


AI-generated code means AI-generated supply chain risk. 🛡️

A Build Artifact CDN like Develocity doesn't just speed things up—it gives you provenance on everything that shipped.

See how >> https://gradl.es/4uUnsBx

#Develocity #DevSecOps #SupplyChainSecurity


Modern organizations depend on systems and software they don’t fully control. Managing that risk starts with understanding those dependencies and limiting exposure where possible. #Cybersecurity #SupplyChainSecurity #RiskManagement

Alleged Cisco Breach Linked to Trivy Supply Chain Compromise, ShinyHunters Claims 3 Million Salesforce Records
An alleged Cisco breach was linked to the Trivy supply chain compromise via a ShinyHunters extortion claim that asserted 3 million records leaked.

Read more:
www.technadu.com/alleged-cisc...

Share your thoughts below 👇
#Cybersecurity #SupplyChainSecurity #CloudSecurity #DataBreach #TechNews

Senate hearing presses for swift EXIM reauthorization as bank seeks hiring flexibility and risk‑management relief
Senate Banking Committee members urged quick reauthorization of the Export‑Import Bank to counter Chinese financing, expand small‑business export access and back long‑dated strategic projects; EXIM’s president requested restoring former risk‑management parameters and hiring authority to recruit sector experts.

Senate leaders are pushing for the swift reauthorization of the Export-Import Bank to ensure American businesses can compete globally against China's aggressive financing tactics.

Learn more here

#US #SupplyChainSecurity #CitizenPortal #MarketAccess #SouthCarolinaExporters

Axios Supply Chain Attack Deploys Cross-Platform RAT
An npm account compromise in the recent Axios supply chain attack deployed cross-platform RAT malware, exposing severe open-source security risks.

Read more:
www.technadu.com/axios-supply...

Do you think organizations are doing enough to secure their dependencies? Comment your thoughts below.
#CyberSecurity #SupplyChainSecurity #OpenSource #Infosec #DevSecOps

Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
TeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date. It cascaded through developer tooling and compromised LiteLLM and exposed how AI…

AI supply chains are now a target.

A LiteLLM compromise shows how attackers exploit trusted tools to steal credentials and maintain access.

www.trendmicro.com/en_us/resear...

#CyberSecurity #SupplyChainSecurity #AIsecurity #ThreatIntelligence #DataExfiltration

Mercor AI Cyberattack Tied to LiteLLM Project Compromise, Lapsus$ Claims Breach
The Mercor cyberattack was linked to the LiteLLM project compromise, which in turn was connected to the Trivy open-source security scanner compromise.

Full Article: www.technadu.com/mercor-ai-cy...

Do you think organizations are doing enough to secure their software supply chains? Share your thoughts below 👇
#Cybersecurity #SupplyChainSecurity #Infosec #DataBreach #DevSecOps

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
Claude Code 2.1.88 leak exposed 512,000 lines via npm error, fueling supply chain risks and typosquatting attacks.

Claude code leaked via malicious npm packaging - the supply chain remains a soft target for high-impact breaches. Trust in dependencies must be continuously verified. 📦⚠️ #SupplyChainSecurity #OpenSourceRisk

TeamPCP’s attack spree slows, but threat escalates with ransomware pivot - Help Net Security
TeamPCP has shifted from supply chain expansion to monetization of existing credential harvests by partnering with ransomware attackers.

TeamPCP highlights how supply chain attacks are fueling ransomware - compromise once, impact many. The attackers scale faster than defenders. 🔗💥 #SupplyChainSecurity #Ransomware


This is why we can't just trust all the packages we use without checking. These attacks are happening more often, so please be careful about what you add or update in your code.
#npmsecurity #supplychainsecurity #javascript #webdev #cybersecurity


Trivy: 76/77 action tags force-pushed. Tag-pinned CI ran attacker code.
Takeaway: pin Actions to SHAs. Tags are untrusted.
Still pinning tags in prod?
www.upwind.io/feed/trivy-...

#SupplyChainSecurity #Cybersecurity

Using Evidence Platform as CI/CD Security Layer - ReARM by Reliza
Following the recent Trivy and LiteLLM compromises, it has become clear that we still lack a good way to protect our CI/CD layer, specifically GitHub Action...

🚨 🚨 🚨 Following the recent Trivy and LiteLLM compromises, it has become clear that we still lack a good way to protect our CI/CD layer 🧨
rearmhq.com/blog/2026-03...
#SupplyChainSecurity #CICD #CyberSecurity


Tired of compliance being a roadblock? Join us on Sept... #FedRAMP, #PCIDSS, #HIPAA, #SOC2 events.chainguard.dev/02c6031d-d65b-417d-b62d-...

#DevSecOps #Cybersecurity #SupplyChainSecurity


Critical vulnerability CVE-2026-33634 found in Aqua Security's Trivy scanner, threatening CI/CD pipelines. Immediate action required! #CyberSecurity #TrivyVulnerability #CI/CD #SupplyChainSecurity Link: thedailytechfeed.com/critical-fla...


Critical flaw in Open VSX Registry exposed millions of developers to supply chain attacks. Ensure your extensions are up-to-date and from trusted sources. #PotatoSecurity #OpenVSX #SupplyChainSecurity Link: thedailytechfeed.com/critical-ope...


Critical flaw in Open VSX Registry exposed millions of developers to supply chain attacks. Ensure your extensions are up-to-date and from trusted sources. #CyberSecurity #OpenVSX #SupplyChainSecurity Link: thedailytechfeed.com/critical-ope...

Anchore Enterprise is now SPDX 3 Ready | Anchore
SPDX 3 is here! Explore how Anchore Enterprise is leading the way in supporting the latest SBOM technology advancements.

Zero-day investigations rely on historical SBOM data.

Will you be ready when threats require next-gen SBOMs you never collected?

Anchore Enterprise 5.20 = SPDX 3.0 storage now.

➡️ anchore.com/blog/anchore-enterprise-...

#SBOM #SupplyChainSecurity


AI Supply Chain Security: Why Trust Is Your Biggest Vulnerability
youtu.be/RrzJPOGjI4M #CyberSecurity #AISecurity #ArtificialIntelligence #MachineLearning #SupplyChainSecurity #AIThreats #Infosec #DataSecurity #OpenSourceSecurity #CloudSecurity #RiskManagement #AIGovernance

OSSPREY

Ossprey has detected a new wave of #TeamPCP malware embedded in #telnyx versions 4.87.1 and 4.87.2 on #PyPI.

Full analysis is on our blog.

If telnyx is in your dependency tree, check your installed version now.

ossprey.com/blog/telnyx-...

#SupplyChainSecurity #PyPI #OpenSource #Malware #AppSec


GitHub's beefing up Actions security with a 2026 roadmap. Things like deterministic dependencies and scoped secrets are coming. Finally, my CI/CD won't be a free-for-all! 🔒 #CICD #SupplyChainSecurity

NetRise Launches
NetRise launches Provenance, a new software supply chain security product that identifies risks associated with the individual contributors and organizations behind open-source components.

NetRise launches 'Provenance' at #RSAC2026, a new tool to vet the individual contributors behind open-source projects. It moves beyond SBOMs to identify human-centric risk in the software supply chain. 👨‍💻 #SupplyChainSecurity #OpenSource #DevSecOps

How AI agents can weaponize IDEs
AI coding assistants may be turning IDEs into privileged insider threats. Big wake-up call for dev teams and security leaders.

AI coding assistants may be turning IDEs into privileged insider threats. Big wake-up call for dev teams and security leaders. jpmellojr.blogspot.com/2026/03/how-...
#AI #DevSecOps #AppSec #AIAgents #IDEaster #SupplyChainSecurity


TeamPCP Backdoors LiteLLM via Trivy
Read More: buff.ly/9DwmFvk

#TeamPCP #LiteLLM #Trivy #PyPI #SupplyChainSecurity #KubernetesSecurity #CredentialTheft #DevSecOps


Supply-chain attacks now: “log in,” not “break in.”
Group-IB: SaaS + tokens scale compromise.
Takeaway: trace vendor tokens + perms.
Worst risk: SaaS sprawl, machine IDs, or OSS?
www.group-ib.com/blog/supply...

#SupplyChainSecurity #Cybersecurity


Trusted software can be your biggest blind spot. Attackers hide malicious code in updates and open-source packages. Verify dependencies and monitor your supply chain—if you don’t, attackers will. #Cybersecurity #AppSec #SupplyChainSecurity #CurrentTEKSolutions

AI infrastructure fractures as LiteLLM falls to widespread supply chain assault
Malicious Python library versions compromised in escalating campaign that exploited prior Trivy vulnerability scanner breach affecting 97 million monthly downloads.

AI infrastructure fractures as LiteLLM falls to widespread supply chain assault

#SupplyChainSecurity #OpenSource #CyberSecurity #AusNews

thedailyperspective.org/article/2026-03-24-ai-in...

Aqua Security Works with Sygnia to Remediate Trivy Supply Chain Attack Leveraging CI/CD Vulnerabilities that Expanded to Compromised Docker Images
The latest Trivy supply chain attack stemmed from a malicious release. Aqua Security and Sygnia work to remediate the issue.

Read the full breakdown:
www.technadu.com/aqua-securit...

Do you think most organizations are prepared for CI/CD supply chain attacks? Share your thoughts 👇
#CyberSecurity #DevSecOps #SupplyChainSecurity #CloudSecurity #Infosec


🔐 Trivy supply chain compromise: What Docker Hub users need to know

Information about a security incident that

www.docker.com/blog/trivy-supply-chain-...

#Trivy #DockerHub #SupplyChainSecurity #Docker #RoxsRoss
