Originally reported by The Hacker News, Microsoft Security, Qualys, SANS ISC, MSRC Security Updates
TL;DR
Supply chain threat actor TeamPCP has compromised the popular Python package LiteLLM with credential-stealing backdoors, while a sophisticated malvertising campaign exploits tax season searches to deploy EDR-bypassing malware. Microsoft released comprehensive guidance for detecting and defending against the ongoing Trivy supply chain compromise.
TeamPCP's active supply chain compromise of popular open-source packages represents a critical threat to global CI/CD infrastructure. Combined with sophisticated EDR bypass techniques and widespread malvertising campaigns, these attacks demonstrate immediate enterprise risk.
The threat actor TeamPCP has escalated their supply chain campaign by compromising the popular Python package LiteLLM, according to security researchers at Endor Labs and JFrog. The attackers published malicious versions 1.82.7 and 1.82.8 containing a credential harvester, Kubernetes lateral movement toolkit, and persistent backdoor.
This attack follows the same pattern as TeamPCP's recent compromises of the Trivy and KICS security scanning tools, demonstrating the actor's sustained focus on infiltrating widely used open-source security packages to gain access to enterprise CI/CD pipelines.
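A defender-side check for the two LiteLLM releases named above, as an added example that is not from the original reports or the LiteLLM project: it scans requirements-style text and separates lines that pin a bad release from lines whose version range would still let a resolver pick one. The function names and the sample input are constructed for illustration, and version comparison is simplified to final releases (no pre-release or epoch handling).

```python
import re

# Malicious LiteLLM releases named in the report above.
BAD_RELEASES = {"litellm": ("1.82.7", "1.82.8")}

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_CLAUSE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9][^\s,]*)")

def _key(version, width=6):
    """Numeric release segments, zero-padded so 1.82 compares equal to 1.82.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def _satisfies(version, op, target):
    """True if `version` meets one specifier clause (simplified PEP 440 rules)."""
    v, t = _key(version), _key(target)
    n = len(re.findall(r"\d+", target))
    if op in ("==", "===", "!="):
        # "==1.82.*" is a prefix match; otherwise compare the whole release.
        same = v[:n] == t[:n] if target.endswith(".*") else v == t
        return same != (op == "!=")
    if op == "~=":  # compatible release: >= target, same leading segments
        return v >= t and v[:n - 1] == t[:n - 1]
    return {"<": v < t, "<=": v <= t, ">": v > t, ">=": v >= t}[op]

def scan_requirements(text):
    """Return (line_no, status, line) for lines that pin or admit a bad release."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = _REQ.match(line)  # comments, blank lines and "-r"/"--hash" lines do not match
        # PEP 503 name normalisation, so "LiteLLM" matches "litellm".
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower() if m else None
        if name not in BAD_RELEASES:
            continue
        clauses = _CLAUSE.findall(m.group(2))  # environment markers after ";" are ignored
        hits = [bad for bad in BAD_RELEASES[name]
                if all(_satisfies(bad, op, tgt) for op, tgt in clauses)]
        if hits:
            pinned = any(op in ("==", "===") and not tgt.endswith(".*")
                         for op, tgt in clauses)
            findings.append((no, "PINNED_BAD" if pinned else "RANGE_ADMITS_BAD", line))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = "requests==2.32.3\nLiteLLM[proxy]==1.82.8\nlitellm>=1.80,<1.82.7\nlitellm~=1.82.0\n"

if __name__ == "__main__":
    for finding in scan_requirements(SAMPLE):
        print(finding)
```

A `RANGE_ADMITS_BAD` result means the manifest alone cannot rule out exposure; the resolved version in the lockfile or build log for that pipeline run decides it.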
Microsoft Security published comprehensive guidance for detecting, investigating, and defending against the ongoing Trivy supply chain compromise. The analysis details how threat actors abused trusted Trivy distribution channels to inject credential-stealing malware into CI/CD pipelines worldwide, providing security teams with concrete detection and mitigation steps.
The guidance emphasizes the critical need for supply chain security controls as attackers increasingly target development infrastructure to achieve broad organizational access.
A large-scale malvertising campaign active since January 2026 has been targeting U.S. individuals searching for tax-related documents, delivering rogue ConnectWise ScreenConnect installers that deploy EDR-disabling malware. The campaign abuses Google Ads to serve malicious installers containing HwAudKiller, a tool that uses the bring-your-own-vulnerable-driver (BYOVD) technique with a compromised Huawei driver to disable endpoint security products.
This sophisticated attack chain demonstrates the evolution of malvertising tactics, combining social engineering around tax season urgency with advanced EDR evasion techniques to establish persistent access to corporate networks.
Securonix researchers identified an ongoing phishing campaign targeting French-speaking corporate environments using fake resume documents that deploy cryptocurrency miners and information stealers. The campaign employs highly obfuscated VBScript files disguised as CV documents, delivered through targeted phishing emails.
The attack represents a tactical shift toward localized campaigns that exploit hiring processes to gain initial access to corporate networks, subsequently deploying both profit-driven cryptocurrency mining and data exfiltration capabilities.
Microsoft published research exploring the alignment of AI agent behavior across user, developer, role, and organizational intent layers. The research addresses critical security considerations for enterprise AI adoption, providing a framework for governing autonomous agent behavior in production environments.
Qualys announced their new mROC (managed Risk Operations Center) portal designed to help partners scale risk operations beyond traditional vulnerability management. The platform addresses the evolution from CVSS-based spreadsheet reporting to unified risk assessment across cloud, on-premises, OT, IoT, and AI workloads.
SANS Internet Storm Center researchers documented the SmartApeSG campaign, which distributes multiple remote access trojans including Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2). The multi-payload approach indicates sophisticated threat actors deploying diverse capabilities for different operational phases.
SANS researchers highlighted the security risks posed by rogue IP KVM devices, which can enable unauthorized remote access to corporate systems. The analysis references recent Eclypsium research on IP KVM vulnerabilities and provides guidance for detecting unauthorized KVM deployments, particularly relevant given reports of North Korean workers using such devices to circumvent geographic restrictions.
Microsoft's Security Response Center disclosed multiple critical vulnerabilities across various components:
CVE-2026-2443: Out-of-bounds read in libsoup leading to heap information disclosure
CVE-2026-27623: Pre-authentication denial of service in Valkey from malformed RESP requests
CVE-2026-4437: Incorrect DNS response handling in gethostbyaddr functions
CVE-2026-4426: Denial of service in libarchive via malformed ISO file processing
CVE-2026-4395: Heap-based buffer overflow in wolfSSL ECC import function
CVE-2026-1005: Integer underflow leading to out-of-bounds access in cryptographic functions
CVE-2026-33056: Directory traversal via symlinks in tar-rs library
CVE-2026-33055: Incorrect PAX header handling in tar-rs
CVE-2026-3580: Compiler-induced timing leak in RISC-V cryptographic operations
CVE-2026-3579: Non-constant time multiplication in RISC-V implementations
CVE-2026-32141: Unbounded recursion denial of service in flatted library
CVE-2025-13462: Directory type normalization bypass in Python tarfile
CVE-2026-4519: Command injection via leading dashes in Python webbrowser.open()
CVE-2026-23669: Remote code execution in RPC Runtime Library