criticalVulnerabilities & Exploits
TeamPCP Supply Chain Attacks Escalate with LiteLLM Compromise, Tax Season Malvertising Campaign Targets EDR
Supply chain threat actor TeamPCP has compromised the popular Python package LiteLLM with credential-stealing backdoors, while a sophisticated malvertising campaign exploits tax season searches to deploy EDR-bypassing malware. Microsoft released comprehensive guidance for detecting and defending against the ongoing Trivy supply chain compromise.
The Hacker News, Microsoft Security, Qualys, SANS ISC, MSRC Security Updates
supply-chainmalvertisingedr-bypass
🇺🇸Google🇨🇳Huawei