SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Security Boulevard

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Morning Overview on MSN

OpenAI buys Python toolmaker Astral to bolster Codex vs. Anthropic

OpenAI has agreed to acquire Astral, a startup behind widely used Python development tools, in a deal designed to sharpen its ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
WinBuzzer

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...
NetEye Blog

Reflections on Running LLMs Locally: Why It Is Worth Running Them on Your Own Infrastructure

Model selection, infrastructure sizing, vertical fine-tuning and MCP server integration. All explained without the fluff. Why Run AI on Your Own Infrastructure? Let’s be honest: over the past two ...