Tag: tool
-
Anduril’s Real War Is With Itself
From drones to missiles to submarines, the $30.5 billion defense startup wants to transform how the tools of war are made. It’s not all going as planned. First seen on wired.com Jump to article: www.wired.com/story/andurils-real-war-is-with-itself/
-
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Tags: attack, credentials, cve, cyber, malware, microsoft, supply-chain, threat, tool, vulnerability
Aqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prior incomplete remediation to inject credential-stealing malware into official releases. This incident, tracked as CVE-2026-33634, successfully weaponized a trusted security tool against the organizations relying on it to stay safe. This visualizes the attack propagation timeline…
-
Kali Linux 2026.1 Launches with 8 New Tools, UI Refresh, and Kernel Upgrade
Kali Linux continues to evolve as a leading platform for penetration testing, and its latest release, Kali Linux 2026.1, introduces a mix of visual updates, new tools, and system-level improvements. This release not only refines the user experience but also pays tribute to its roots in BackTrack, marking a significant milestone in the project’s history. First seen…
-
GitHub adds AI-powered bug detection to expand security coverage
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-adds-ai-powered-bug-detection-to-expand-security-coverage/
-
Chained vulnerabilities in Cisco Catalyst switches could induce denial of service
Vulnerable products and fixes: Cisco has addressed all four CVEs in its March 25 semiannual Cisco IOS and IOS XE Software Security Advisory. Although none of the individual CVSS scores are high (ranging from 4.8 for CVE-2026-20112 to 6.5 for CVE-2026-20110), the danger is amplified by the way the first two can be chained. Cisco’s Software…
-
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
The incident highlights growing concerns over the security of the open-source software supply chain, where widely-used tools maintained by small teams can provide a gateway into thousands of organizations if compromised. First seen on therecord.media Jump to article: therecord.media/supply-chain-attack-hits-widely-used-ai-package
-
Novee Brings Autonomous Red Teaming to LLM Applications, Built From Its Own Vulnerability Research
Novee has introduced AI Red Teaming for LLM Applications, an autonomous security testing capability built into its AI penetration testing platform. The product is designed to find vulnerabilities in AI-powered applications before attackers do, addressing a category of risk that traditional pentesting tools were never built to handle. As enterprises deploy more AI-enabled software, from…
-
NetRise Launches Provenance to Map Who Is Behind Open Source Components and How Risk Spreads
NetRise launched NetRise Provenance on March 24 at RSAC 2026, a new product that adds contributor-level visibility to software supply chain analysis. Where most supply chain tools stop at identifying components and vulnerabilities, Provenance goes a layer deeper: mapping which humans and organizations are behind the open source packages inside enterprise software and connected devices,…
-
Cyera Ships Browser Shield, Data Lineage, and MCP to Close AI Data Security Gaps
Cyera announced three new capabilities at RSAC 2026 on March 24: Browser Shield for AI, Data Lineage for files, and Cyera MCP. Together, they address two of the most pressing blind spots in enterprise AI security, what employees are sending into AI tools, and what happens to data after AI agents get access to it…
-
ConductorOne Launches AI Access Management to Govern AI Tools, Agents, and MCP Connections
ConductorOne announced AI Access Management on March 19, a new product extension that extends its identity governance platform to cover AI tools, AI agents, and Model Context Protocol (MCP) connections across the enterprise. The announcement came ahead of RSAC 2026 in San Francisco. The core problem ConductorOne is addressing is shadow AI proliferation. According to…
-
North Korean Hackers Are Turning VS Code Into a Silent Attack Tool
Developer environments are designed for speed, automation, and flexibility. Features like auto-run tasks and integrated scripting help streamline workflows, but they can also introduce new security risks when abused. New reporting from The Hacker News reveals that North Korean threat actors are exploiting auto-execution features in Visual Studio Code to execute malicious code on developer…
-
Try our new dimensional analysis Claude plugin
We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post. Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a different approach: it uses the LLM to annotate your codebase with…
-
Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
Kali Linux 2026.1, the first release of the year, is now available for download, featuring 8 new tools, a theme refresh, and a new BackTrack mode for Kali-Undercover. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/linux/kali-linux-20261-released-with-8-new-tools-new-backtrack-mode/
-
AI-Native Security Is a Must to Counter AI-Based Attacks
Attacks by artificial intelligence agents are a reality. Experts at Nvidia’s GTC conference say defenders need to use the same tools to fight them off. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/ai-native-security-counter-attacks
-
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
Tags: access, advisory, api, attack, cloud, container, credentials, data, exploit, extortion, github, group, infrastructure, malicious, malware, open-source, pypi, supply-chain, tactics, tool, vulnerability
An expanding supply-chain campaign: The LiteLLM incident has been confirmed to be a part of the rapidly unfolding TeamPCP supply chain campaign that first compromised Trivy. Trivy, developed by Aqua Security, is a widely used open-source vulnerability scanner designed to identify security issues in container images, file systems, and infrastructure-as-code (IaC) configurations. The ongoing attack, attributed…
-
Check Point establishes an intelligence layer to secure agent-based systems
Check Point Software Technologies has introduced <>. This unified AI security control plane helps organizations govern the connectivity, deployment, and operation of AI across the enterprise. As AI systems evolve from assistants into autonomous actors that access data, call tools, and act independently, the solution provides the intelligence layer needed to […] First seen on…
-
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/
-
Malicious LiteLLM versions linked to TeamPCP supply chain attack
TeamPCP backdoored LiteLLM v1.82.7-1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now…
-
Attacks on security tools and more: over 1,000 cloud environments compromised
The Trivy hack was only the beginning of a huge attack campaign against several software projects. Extremely far-reaching consequences are to be expected. First seen on golem.de Jump to article: www.golem.de/news/attacken-auf-security-tools-und-mehr-ueber-1-000-cloudumgebungen-kompromittiert-2603-206899.html
-
AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
A large-scale malware operation is abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 delivery packages and uses AI-assisted lures ranging from OpenClaw deployment tools to game cheats, Roblox scripts, crypto bots, VPN crackers, and…
-
Kali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration Testers
Offensive Security has officially released Kali Linux 2026.1, marking the first major update of the year for the popular penetration testing distribution. Building on the foundation of the 2025.4 release, this new version introduces a comprehensive visual refresh, a nostalgic anniversary mode, improved mobile hacking capabilities, and an expanded arsenal of security tools. The 2026…
-
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious code into versions 1.82.7 and 1.82.8. This devastating supply chain attack directly follows the group’s…
-
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18
Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/kali-linux-2026-1-release/
-
DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses
Cybersecurity researchers say the GitHub leak threatens to “democratize” iPhone exploits that were once reserved for nation-states, potentially putting hundreds of millions of iOS 18 devices at risk. First seen on cyberscoop.com Jump to article: cyberscoop.com/darksword-iphone-spyware-leak-ios-18-exploit-threat/
-
How AI Coding Tools Crushed the Endpoint Security Fortress
Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have brought the walls down. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ai-coding-tools-endpoint-security
-
AI and Medical Device Cybersecurity: The Good and Bad
Is AI Exposing a Growing Vulnerability Risk Mitigation Gap? AI-fueled tools can help to identify medical device vulnerabilities much faster and at a higher volume than more traditional tools. But can device manufacturers and healthcare delivery organizations keep up with prioritizing and addressing a tidal wave of newly discovered flaws? First seen on govinfosecurity.com Jump…
-
Tools to Measure Data Center Infrastructure Efficiency: The Complete Guide
Measuring data center efficiency requires the right tools, not guesswork. This guide covers 20 platforms across six categories, from enterprise DCIM suites to cloud-native options like Hyperview, helping IT leaders track PUE, reduce energy costs, and meet sustainability mandates with confidence. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/tools-to-measure-data-center-infrastructure-efficiency-the-complete-guide/

