Master the OWASP Top 10 CI/CD Security Risks. Concrete attacks, code examples, and battle-tested controls to harden your pipelines against supply chain threats.
The software supply chain is under relentless attack from campaigns like TeamPCP and the Axios hack. Learn actionable, step-by-step strategies to secure your CI/CD pipelines and developer endpoints.
Leaked service account keys are a top cloud security risk. This definitive developer's guide explains how to go keyless with GCP's Workload Identity Federation.
TeamPCP strikes again. The popular Python package litellm (versions 1.82.7 and 1.82.8) was compromised on PyPI, deploying a credential harvester and Kubernetes backdoor.
Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.