supply-chain-security

View All cybersecurity ai-security cloud-security zero-trust vulnerability security-architecture network-security security-operations iam supply-chain-security

How TeamPCP Compromised (again) LiteLLM

TeamPCP strikes again. The popular Python package litellm (versions 1.82.7 and 1.82.8) was compromised on PyPI, deploying a credential harvester and Kubernetes backdoor.

William OGOU • Mar 24, 2026 • 6 min read

supply-chain-security

The Second Fall of Trivy: How TeamPCP Poisoned the CI/CD Supply Chain

Aqua Security's Trivy was compromised a second time on March 19, 2026, by "TeamPCP." Learn how malicious v0.69.4 and GitHub Actions were used to steal CI/CD secrets, how to detect the breach, and immediate remediation steps.

William OGOU • Mar 20, 2026 • 7 min read

supply-chain-security

The Mass NPM Hijack Explained

Anatomy of the mass NPM hijack that breached the internet's core. This CISO's guide details the attack, its impact, and the immediate action plan you must execute now.

William OGOU • Sep 10, 2025 • 9 min read

supply-chain-security

CISA New Tool Solves Your Software Supply Chain Problem

CISA new tool translates security needs into ironclad contract language, solving the biggest problem in software supply chain security. A CISO guide to secure procurement.

William OGOU • Sep 2, 2025 • 7 min read

supply-chain-security

SBOMs: The Key to Software Supply Chain Security or an Unachievable Fantasy?

Unlock software supply chain security with SBOMs. Explore what an SBOM is, why it's vital for vulnerability management & compliance, current challenges, and future outlook.

William OGOU • May 7, 2025 • 9 min read

supply-chain-security

How TeamPCP Compromised (again) LiteLLM

The Second Fall of Trivy: How TeamPCP Poisoned the CI/CD Supply Chain

The Mass NPM Hijack Explained

CISA New Tool Solves Your Software Supply Chain Problem

SBOMs: The Key to Software Supply Chain Security or an Unachievable Fantasy?

Your Privacy Matters