supply chain attack
GitHub Action tag hijack turns CI/CD runs into credential theft
GitHub Action tag hijack turns CI/CD runs into credential theft A fresh GitHub Actions supply chain incident is a good reminder that "pinned" does not mean safe...
Lucas Oliveira
Research
Poisoned Trivy scanner led to malicious LiteLLM releases on PyPI
Poisoned Trivy scanner led to malicious LiteLLM releases on PyPI | 2026 The LiteLLM incident is what modern software supply-chain compromise looks like when one...
Lucas Oliveira
Research
Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack
Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack A supply-chain compromise in Aqua Security’s aquasecurity/trivy-action sho...
Lucas Oliveira
Research
Chrome Extension Supply-Chain Attack: ShotBird and QuickLens
Chrome Extension Supply-Chain Attack: ShotBird and QuickLens | 2026 Executive Summary ShotBird and QuickLens, two Chrome extensions that were previously legitim...
Lucas Oliveira
Research
Lotus Panda Chrysalis: Notepad++ Supply Chain Attack | 2026
Executive Summary Since June 2025, the Chinese state-sponsored [threat actor](https://invaders.ie/resources/glossary/advanced-persistent-threat) Lotus Panda (al...
Lucas Oliveira
Research