Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The FBI Just Issued an Alert on TeamPCP. Here's How They Get In

The FBI just issued a FLASH alert on TeamPCP — the group behind a wave of software supply chain attacks that compromised widely-used developer and security tools, harvesting cloud credentials, SSH keys, and Kubernetes secrets at scale. Tova Dvorin and Adrian Culley break down how TeamPCP operates with an APT's patience, and the open question the FBI alert doesn't answer: is a nation-state pulling the strings? Full breakdown on The Cyber Resilience Brief.

Ep. 66 - Poisoned Pipelines: TeamPCP and the FBI Flash on Weaponized Dev Tools

A criminal crew with APT-grade patience is trojanizing the very tools defenders trust. Host Tova Dvorin sits down with Adrian Culley to break down FBI FLASH-20260702-01 (coordinated with CISA) on TeamPCP — the group compromising Trivy, KICS, LiteLLM, and the Telnyx SDK to sit inside CI/CD pipelines. Inside: the CanisterWorm and SANDCLOCK credential stealers, the self-replicating "Mini Shai-Hulud" worm across npm and PyPI, npm account takeovers via expired recovery domains, and five concrete defenses — starting with searching your GitHub org for "tpcp-docs" right now.

Managed SOC Services: Your 2026 Selection Guide

The managed security services market is projected to reach US$ 87.9 Billion by 2033, up from US$ 41.3 Billion in 2026 at an 11.4% CAGR according to Persistence Market Research. That number matters because it reframes managed SOC services from a niche outsourcing decision into a mainstream operating model for security teams that can't afford blind spots, delayed response, or constant hiring battles.

BlackMatter Ransomware Explained: Delivery Methods, Tactics, and Targets

Emerging in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) platform that permits the developers of the ransomware to generate income through the actions of their cybercriminal associates, referred to as BlackMatter actors, who utilize it against targets. BlackMatter is potentially a reimagining of DarkSide, another RaaS that remained operational from September 2020 to May 2021.

A Practical Image-to-Video Prompt System for AI Animation

An image-to-video prompt should direct motion without destroying the strengths of the source image. The model already has information about the subject, composition, and style; the prompt must explain what changes over time and what should remain fixed. This principle applies across product shots, character animation, anime scenes, and flexibleuncensored ai workflows. More adjectives do not necessarily create better video. Clear priorities do.

5-Hour Online Pre-Licensing Course - How Registration, Timing, and ID Verification Actually Work

New York rolled out an online version of its 5-hour pre-licensing course a few years back, and on paper it sounds like the easy option: no classroom, no fixed schedule, just log in and get through the material. In practice, the state built in a set of checks that a lot of first-time applicants never see coming, and a couple of deadlines that do not bend for anyone. None of it is designed to trip people up, but the 5 hour online pre-licensing course runs on rules that reward knowing them in advance and punish finding them out the hard way.

Detection Engineering: Build Robust Programs & Best

Your SOC probably already has detections. The problem is that many of them don't behave like a managed security capability. They behave like a pile of alerts. Analysts close noisy rules because they have to protect their queue. Engineers keep adding logic because coverage gaps are real. Leaders ask whether the program is improving, and the usual answers are weak. Alert counts go up. Tuning tickets pile up.

Authentication Bypass in the default configuration phpBB

June 10th, we announced a critical vulnerability in phpBB that lets attackers bypass authentication, now known as CVE-2026-48611. This post is a follow-up, containing technical details that explain exploit scenarios and detection methods. To get you up to speed, phpBB is an old forum software that's still being used today by various technical communities. phpBB's Site Showcase alone has over 6 million members.