Master the OWASP Top 10 CI/CD Security Risks. Concrete attacks, code examples, and battle-tested controls to harden your pipelines against supply chain threats.
Traditional security frameworks don't map the modern software supply chain. Discover SITF, the new open-source SDLC Infrastructure Threat Framework by Wiz, designed to visualize, analyze, and prevent complex supply chain attacks.
The software supply chain is under relentless attack from campaigns like TeamPCP and the Axios hack. Learn actionable, step-by-step strategies to secure your CI/CD pipelines and developer endpoints.
A massive supply chain attack has hit the popular npm package Axios. Versions 1.14.1 and 0.30.4 deploy a stealthy Remote Access Trojan (RAT) via a fake dependency. Learn how to detect and remediate this critical threat.
TeamPCP strikes again. The popular Python package litellm (versions 1.82.7 and 1.82.8) was compromised on PyPI, deploying a credential harvester and Kubernetes backdoor.
Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.