TeamPCP's supply-chain campaign has propagated from Trivy to Checkmarx KICS, Checkmarx GitHub Actions, two Open VSX plugins, and now Bitwarden CLI. Lapsus$ is handling the extortion. The blast radius now reaches a password manager with 10M+ users.
From a six-month DPRK social engineering operation to mass exploitation of developer ecosystems, this week's threat landscape reveals that the most reliable attack surface is the trust we extend by default.
Five AI infrastructure disclosures in one day share the same root cause: the gap between what users believe their security settings do and what the framework actually executes.
Every major incident this week exploited institutional or interpersonal trust rather than technical vulnerabilities. The adversary's target is not the system. It is the relationship.
Security