2+ day, 4+ hour ago  (955+ words) Red Agent is an AI-powered, context-aware attacker that uncovers complex exploitable risks across your entire attack surface, continuously and at scale. In early testing with design partners, Red Agent has already identified critical vulnerabilities that remained undetected despite extensive manual…...

1+ day, 8+ hour ago  (415+ words) Europe's fastest-growing software company achieved full cloud visibility across continuous growth M&A activities while improving cloud security posture by 66% Continuous M&A integration: TeamSystem acquires a large amount of companies annually, each bringing its own infrastructure, cloud architectures, and…...

1+ day, 2+ hour ago  (334+ words) LiteLLM is the latest victim of TeamPCP's open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python's .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains. 1.82.7 drops the double base64 encoded payload to disk…...

2+ week, 4+ day ago  (167+ words) config.py:546 - Wildcard CORS origin default This misconfiguration enables two distinct attack paths: 1. Cross-origin browser attack (CORS - this advisory) 2. Direct network access (compounding factor) Replace the wildcard default with an explicit localhost origin: The vulnerability exists in the Python source…...

1+ day, 16+ hour ago  (86+ words) Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths. Has CISA KEV Exploit'No CISA KEV Release Date'N/A CISA KEV Due Date'N/A Affected packages and libraries Get a prioritized view of CVEs…...

2+ day, 3+ hour ago  (610+ words) Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:5816:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions. Update 19:24 UTC: The repository…...

2+ day, 8+ hour ago  (1136+ words) A new security operating model powered by AI agents that removes bottlenecks and enables teams to act at the speed of AI AI is changing not just how we build " but how security operates. AI-generated code, autonomous agents, and dynamic…...

4+ day, 22+ hour ago  (1305+ words) IaC is the ultimate blind spot: While most teams focus on application vulnerabilities, the most immediate danger is AI-generated Infrastructure-as-Code (IaC). A single generated Terraform module can instantly expose cloud resources with insecure defaults the moment it deploys. The human…...

4+ day, 22+ hour ago  (1419+ words) The application is no longer just code: Traditional AppSec assumes the code is the application. In AI, the application is the code, the underlying model, the training data, and the autonomous agents all acting together. Traditional scanners only see a…...

5+ day, 5+ hour ago  (696+ words) On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security's Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment. On March 19, 2026, threat actors compromised Aqua Security's Trivy vulnerability scanner, injecting credential-stealing…...