In r/redteamsec and r/hacking, discussion centers on supply chain compromise patterns such as CI CD trust abuse and tag poisoning, with real world examples used to frame developer targeting and credential theft risks.
Trivy Supply Chain Attack (TeamPCP) — CI/CD Trust Abuse, Tag Poisoning, and Credential Theft
Yeah this is basically an advanced-ish ClickFix.
If you are developer they are trying to pwn you to steal something like admin access, crypto, wallet backups, all your stuff via an infostealer and etc.
This is exactly how the Axios team got pwned by North Korea in the recent supply chain hack.
This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.
← Back to Cyber Security