Aqua Security A.I CyberSecurity Scoring
Aqua Security
Company Information
Website: http://www.aquasec.com
Number of employees: 481
Number of followers: 66,228
NAICS: 541514
Industry Type: Computer and Network Security
Homepage: aquasec.com
Aqua Security Risk Score (AI oriented)
Between 550 and 599
Updated: 03/06/2026
579/1000
Very Poor (Ca)
Current Score: 579 Ca (VERY POOR), on a scale of 0 to 1000
8 incidents
-16.57 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
579
MAY 2026
577
APRIL 2026
577
Vulnerability
04 Apr 2026 • Aqua Security
Trivy and European Commission: European Commission breach exposed data of 30 EU entities, CERT-EU says
European Commission Cloud Breach Exposes Data from 30 EU Entities, Linked to TeamPCP
571
CRITICAL-6
AQUEUR1775299151
On March 27, 2026, CERT-EU disclosed a cybersecurity breach affecting the European Commission’s Amazon Web Services (AWS) cloud environment, exposing data from at least 30 EU entities. The attack, attributed to the TeamPCP threat group, was first detected by the Commission on March 24, though initial access occurred as early as March 10 via a compromised AWS API key.
The breach stemmed from a supply-chain attack on Trivy, a vulnerability scanning tool, which was exploited to steal an AWS secret key on March 19. TeamPCP used this access to deploy TruffleHog, a credential-scanning tool, and created additional access keys to evade detection while conducting reconnaissance and data exfiltration. The group, known for targeting platforms like GitHub, PyPI, and Docker, has been linked to similar supply-chain compromises, including a malicious LiteLLM package used to distribute malware.
By March 25, the Commission’s Cybersecurity Operations Centre (CSOC) identified unusual AWS API activity, prompting an investigation. While the breach did not disrupt website availability or affect internal Commission systems, 350GB of data, including emails, databases, contracts, and personal information, was stolen. On March 28, the ShinyHunters group leaked the stolen data, which included names, usernames, email addresses, and over 51,000 outbound emails, some containing user-submitted content.
CERT-EU confirmed that 71 clients of the Europa web hosting service were impacted, including 42 European Commission entities and 29 other EU bodies. The Commission has notified affected parties and is conducting a full impact assessment, though no evidence suggests website tampering or device compromise.
This incident follows a separate January 30 attack on the Commission’s mobile device management system, where attackers accessed limited staff data but failed to compromise devices. The EU continues to strengthen cybersecurity measures amid rising threats to critical institutions.
APRIL 2026
582
Vulnerability
03 Apr 2026 • Aqua Security
Trivy and European Commission: Cyber Security News ®’s Post
European Commission Hit by Major Supply-Chain Attack via Compromised Trivy Scanner
571
CRITICAL-11
AQUEUR1775205235
On April 3, 2026, CERT-EU issued an advisory revealing a sophisticated supply-chain attack targeting the European Commission (EC) through a compromised version of Trivy, a widely used open-source vulnerability scanner. The threat actor, identified as TeamPCP, exploited a flaw in the tool’s continuous integration and continuous delivery (CI/CD) pipeline to harvest AWS API keys, enabling large-scale data exfiltration.
The breach resulted in the theft of over 340 GB of uncompressed data, affecting 71 clients hosted on the Europa web hosting service, the EC’s primary digital platform. The attack underscores the growing risk of trusted open-source tools as vectors for cyber threats, particularly when integrated into critical infrastructure.
CERT-EU’s findings highlight the severity of the incident, which leveraged a seemingly secure component to gain unauthorized access to sensitive cloud environments. No further details on the nature of the exfiltrated data or remediation efforts have been disclosed.
APRIL 2026
587
Vulnerability
01 Apr 2026 • Aqua Security
Trivy, Cisco, Salesforce, AWS and Aura: Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
Cisco Hit by Major Cyberattack Linked to Supply Chain Breach
582
CRITICAL-5
AQUUSEAMASALCIS1775046662
Cisco is responding to a significant cybersecurity incident after threat actors breached its internal development networks, stealing sensitive source code and corporate data. The attack, claimed by the hacking group ShinyHunters, also allegedly impacted Salesforce, Aura, and AWS storage buckets.
The breach originated from a supply chain attack involving Trivy, a widely used vulnerability scanner. Attackers exploited a malicious GitHub Action plugin tied to the Trivy compromise, allowing them to steal credentials and infiltrate Cisco’s build environments. Once inside, they compromised dozens of devices, including lab workstations and developer systems, gaining access to highly sensitive data.
The stolen material includes AWS keys, which were used to perform unauthorized actions in Cisco’s cloud accounts, and over 300 private GitHub repositories. These repositories contain unreleased product source code, including AI Assistants and AI Defense technologies, as well as data belonging to corporate clients, such as major banks, BPO firms, and U.S. government agencies.
Cisco’s security teams, including the Unified Intelligence Center, CSIRT, and EOC, moved quickly to contain the breach by isolating affected systems, wiping compromised machines, and enforcing a mass credential reset. However, the company has not yet issued a public statement, and internal sources suggest ongoing complications from the incident.
While ShinyHunters has taken credit for the data theft, security researchers link the underlying Trivy supply chain attack to TeamPCP, a separate group known for deploying custom malware ("TeamPCP Cloud Stealer") to hijack developer platforms like Docker, npm, and PyPI. TeamPCP has also been tied to recent breaches of LiteLLM and Checkmarx, raising concerns about secondary attacks stemming from related vulnerabilities.
MARCH 2026
592
Vulnerability
28 Mar 2026 • Aqua Security
Aquasecurity: CISA Adds Aquasecurity Trivy Scanner Vulnerability to KEV Catalog
Critical Trivy Scanner Vulnerability Added to CISA’s Exploited Flaws Catalog
587
CRITICAL-5
AQU1774671948
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-33634, a severe vulnerability in Aquasecurity’s Trivy scanner, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, classified under CWE-506 (embedded malicious code), allows threat actors to compromise CI/CD pipelines by exploiting the security tool itself.
The vulnerability stems from malicious code embedded in Trivy’s architecture, turning a trusted scanning utility into a vector for unauthorized access. If exploited, attackers can extract authentication tokens, SSH keys, cloud credentials, and database passwords from memory during scans. Since Trivy requires elevated permissions for deep container and infrastructure-as-code (IaC) analysis, successful exploitation grants full control over the development environment.
CI/CD pipelines are prime targets for supply chain attacks, as compromised environments enable attackers to distribute malicious updates directly to end users, bypassing traditional security measures. CISA has set a remediation deadline of April 9, 2026, for Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive (BOD) 22-01, though private organizations are urged to act with equal urgency.
Aquasecurity has released patches; where they are unavailable, CISA advises discontinuing Trivy’s use to mitigate risk. Beyond patching, security teams must rotate all exposed credentials, including cloud tokens, SSH keys, and database passwords, and audit cloud environments for suspicious activity, as the flaw’s memory exposure may have already led to breaches.
MARCH 2026
660
Breach
24 Mar 2026 • Aqua Security
European Commission and European Parliament: How Does The EU Data Breach Impact The UK?
Cyberattack on Europa.eu Cloud Infrastructure
596
CRITICAL-64
EUR1774874405
EU Commission Confirms Cyberattack on Europa.eu Cloud Infrastructure
On 24 March, the European Commission detected a cyberattack targeting the cloud infrastructure hosting its Europa.eu web platform, the primary online gateway for the Commission, European Parliament, Council of the EU, and other EU institutions. The attack was swiftly contained, with the Commission confirming that public access to EU websites remained uninterrupted while mitigation measures were implemented.
Early findings indicate that data was exfiltrated from the affected systems, though the type and volume of compromised data remain undisclosed. The Commission has begun notifying potentially impacted EU entities but has not identified the attackers. Notably, the breach did not penetrate the Commission’s internal networks, which handle sensitive communications and operations.
The incident underscores Europe’s escalating cyber threats, with ENISA (the EU’s cybersecurity agency) recently warning that the region is facing severe risks from both criminal gangs and state-backed hackers. While the investigation continues, the attack highlights vulnerabilities in shared digital infrastructure, even as the EU strengthens its defenses through regulations like the NIS2 Directive and the Cyber Solidarity Act.
Though the UK is no longer an EU member, the breach serves as a reminder that cyber threats transcend borders, affecting governments and organizations operating in the same high-risk environment. The Commission’s response, limiting disruption and isolating the breach, demonstrates the value of segmented infrastructure and rapid incident containment.
MARCH 2026
680
Cyber Attack
17 Mar 2026 • Aqua Security
Trivy: Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
Supply Chain Attack on Trivy Expands into Lapsus$-Linked Extortion Campaign, Compromising Over 1,000 SaaS Environments
660
CRITICAL-20
AQU1774441468
A sophisticated supply chain attack targeting Trivy, a widely used open-source security scanner, has escalated into a large-scale extortion campaign linked to the cybercriminal group Lapsus$, compromising over 1,000 enterprise SaaS environments. The attack, first detected in late February, involved the compromise of Trivy’s VS Code extension, GitHub Action, and Docker Hub artifacts, with malicious payloads distributed through manipulated version tags and cached mirror infrastructure.
The threat actors, initially identified as the cloud-native group TeamPCP, gained persistent access to Aqua Security’s GitHub organization, defacing all 44 repositories with the message “TeamPCP Owns Aqua Security.” Mandiant’s investigation revealed that the attackers later funneled stolen access to broader criminal networks, including Lapsus$, known for aggressive extortion tactics.
The attack leveraged stolen credentials, likely obtained through a third-party breach, to backdoor multiple components, including LiteLLM, an AI middleware library embedded in cloud environments. Security firms Wiz and Socket confirmed that the campaign expanded across the npm ecosystem, with over 29 malicious packages distributed using compromised publish tokens. Despite takedown efforts, cached copies of the malicious Trivy artifacts continued circulating via mirror infrastructure like mirror.gcr.io.
Security experts warned that the attackers timed their escalation strategically, waiting until defenders were distracted by RSA Conference 2026 before launching follow-on attacks. Cory Michal (AppOmni) and Isaac Evans (Semgrep) emphasized that the incident highlights critical weaknesses in third-party code governance, with attackers exploiting implicit trust in supply chains and mutable version tags to scale their reach.
Aqua Security confirmed that its commercial products remain unaffected due to architectural isolation, but credential revocation and rotation efforts are ongoing. Mandiant has yet to determine the initial source of the stolen credentials, suspecting a breach at a business process outsourcer or partner organization.
As the fallout continues, the attackers have publicly signaled plans to target additional open-source projects, with security researchers warning that the 1,000+ downstream victims could expand significantly in the coming months. The incident underscores the growing threat of supply chain attacks, where a single compromise can cascade across thousands of organizations.
FEBRUARY 2026
675
JANUARY 2026
676
Vulnerability
01 Jan 2026 • Aqua Security
GitHub and Trivy: 38% of GitHub Actions Workflows Exposed to Script Injection Risks
GitHub Actions Vulnerabilities Expose 38% of Organizations to Supply Chain Attacks
671
CRITICAL-5
GITAQU1780490516
A recent analysis reveals that 38% of organizations using GitHub Actions are running workflows with script injection vulnerabilities or unsafe trigger configurations, exposing them to significant supply chain risks. GitHub Actions, a core component of modern CI/CD pipelines, automates build, test, and deployment tasks, often with elevated privileges and access to source code and credentials. Misconfigurations in these workflows can serve as prime entry points for attackers.
Research from Datadog’s 2026 State of DevSecOps found that two out of three organizations have at least one vulnerability in their workflows or actions, expanding the attack surface. Real-world incidents demonstrate how threat actors exploit these weaknesses:
- The *s1ngularity* attack abused the `pull_request_target` trigger, which allows workflows to run with heightened privileges. Attackers crafted malicious pull requests, dubbed "pwn requests", to execute arbitrary code by exploiting the assumption that external input is trusted.
- The *hackerbot-claw* campaign, an AI-driven attack, compromised over half of targeted repositories by injecting malicious input into workflow scripts. For example, unchecked pull request titles could break out of intended commands, enabling remote code execution.
- The *TeamPCP* campaign exploited compromised credentials to publish malicious versions of popular tools like Trivy and KICS, manipulating version tags to trick workflows into executing tampered code. This risk is amplified by the fact that 71% of organizations do not pin GitHub Actions to specific commit hashes, leaving them vulnerable to dependency tampering.
A successful compromise can have far-reaching consequences, including modified build artifacts, secret exfiltration, or backdoors in distributed software. GitHub has acknowledged these risks and outlined a security roadmap to mitigate them, including:
- Deterministic dependency management (locking actions to commit hashes).
- Centralized policies to restrict workflow triggers and initiator permissions.
- Scoped secrets to limit credential exposure.
- Enhanced observability via Actions Data Stream for real-time anomaly detection.
- A native egress firewall to monitor and block unauthorized outbound traffic from CI/CD runners.
Despite these upcoming protections, organizations remain responsible for securing their workflows: treating them as part of the application attack surface, validating external input, and restricting token permissions. As CI/CD pipelines increasingly become high-value targets, insecure GitHub Actions configurations continue to pose a high-impact, widely exploitable threat.
DECEMBER 2025
676
NOVEMBER 2025
675
OCTOBER 2025
673
SEPTEMBER 2025
671
AUGUST 2025
670
JULY 2025
668
SEPTEMBER 2024
755
Ransomware
01 Sep 2024 • Aqua Security
Aqua Security Nautilus
Hadooken Malware Attack on Oracle WebLogic Servers
646
CRITICAL-109
AQU000092024
Aqua Security Nautilus researchers uncovered the Hadooken malware, which primarily targets Oracle WebLogic servers. Hadooken has been implicated in multiple ransomware attacks and deploys cryptominers after compromising systems. The attackers gained initial access through weak passwords, achieved remote code execution, and used scripts for lateral movement within affected networks. Although no active use of its Tsunami malware component was observed, the presence of both the cryptominer and Tsunami indicates a significant threat. The attack has broader implications given that a substantial number of WebLogic servers are connected to the internet, and although many are protected, some exposed administration consoles are at risk.