CTI @wizsecurity.bsky.social
Adjunct at @jhu.edu - SAIS
Previously NSC44, Mandiant, Google
Go Mammoths
Ben Read
Our write-up of the LiteLLM supply chain compromise earlier today. Tactics remain the same (with a new exfil domain), but they keep coming.
Let’s go Huskies.
🐺🐺🐺
The affected version has been revoked, but if it ran in your environment, you need to assume that any secrets in that location are compromised and look for the persistence mechanism.
💣Supply Chain attack affecting the Trivy scanner. 💣
Last night a malicious version (0.69.4) was published. This version steals credentials, cryptocurrency and keys from affected machines and installs a small Python script for persistence.
www.wiz.io/blog/trivy-c...
Do you like these pictures I took
Another One: KICS GitHub Action compromised by TeamPCP
A few new TTPs here, will have more updates later today:
www.wiz.io/blog/teampcp...
I’ve been critical of Iran’s pre-war deterrence practices, but this seems like a reasonable intra-war deterrence success.
I keep seeing this framing like Bremmer's. It is wrong. Instead:
1. Iran was developing an ICBM when Khamenei imposed a 2,000-km range limit.
3. The programs shifted to space launch.
4. Khamenei lifted the restriction in October 2025 after the June attacks.
5. Now he's dead, and here we are.