{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiaq7soijkflb4gaytdeaynlv75v2lw6x3s763oywcsawc6syuu6si",
    "uri": "at://did:plc:wnd7xrumusq5uayjfi2pgfno/app.bsky.feed.post/3mhxqiab7mpq2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidbcn4h7tyabe3biq44cqkpui3s7s3g5rtrxp5vrcqod557vai7xa"
    },
    "mimeType": "binary/octet-stream",
    "size": 197867
  },
  "description": "TL;DR\n\n * Microsoft Defender and macOS XProtect remain primary defenses as enterprises face rising endpoint threats, per 2026 security trends\n * TeamPCP expands campaign to target Checkmarx KICS scanner and OpenVSX extensions, exfiltrating 300GB of corporate credentials\n * TeamPCP supply chain attack compromises LiteLLM on PyPI, exfiltrates 500K+ credentials via backdoored versions 1.82.7 and 1.83.8\n\n\n🧨 99% Detection, 100% Delusion: Free AV Fails AI Malware Surge\n\n70% of corp laptops still lean",
  "path": "/2026-03-26-335546794906304721504082477760791856867/",
  "publishedAt": "2026-03-26T13:46:24.000Z",
  "site": "https://espresso.cafecito.tech",
  "tags": [
    "@v3"
  ],
  "textContent": "### TL;DR\n\n  * Microsoft Defender and macOS XProtect remain primary defenses as enterprises face rising endpoint threats, per 2026 security trends\n  * TeamPCP expands campaign to target Checkmarx KICS scanner and OpenVSX extensions, exfiltrating 300GB of corporate credentials\n  * TeamPCP supply chain attack compromises LiteLLM on PyPI, exfiltrates 500K+ credentials via backdoored versions 1.82.7 and 1.83.8\n\n\n\n* * *\n\n## 🧨 99% Detection, 100% Delusion: Free AV Fails AI Malware Surge\n\n> 70% of corp laptops still lean on freebie AV like it’s 1998—yet AI malware laughs in 99% detection faces! 🧨 30% faster breach time, 0% dignity left. Your “zero-cost” Defender moment? A credential-theft piñata. US enterprises—wake TF up: layer or be laid bare. Who’s still disabling MFA to \"speed up\" Outlook?\n\nMicrosoft Defender and macOS XProtect still ship with every laptop, but 99 % lab scores don’t stop the 70 % of breaches that start with a stolen password. Built-in scanners chew only 3-5 % of your disk I/O—nice—yet miss credential-theft that sidesteps signatures entirely. Translation: the box is “protected,” the user is still toast.\n\n**Detection** : ≥ 99 % malware caught → 0 % empathy for the one that lands.\n**Performance** : 1-2 % CPU hit → 100 % user rage when false positives nuke Excel.\n**Coverage** : 10 000 endpoints per firm → 30 % faster MTTD only if you bolt on extra telemetry that costs actual money.\n\n### How we got here without noticing\n\n  * 2026: Defender bundles Smart App Control, BitLocker, MFA nags—Microsoft’s polite way of saying “please don’t buy Symantec.”\n  * Apple drip-feeds XProtect cloud lists daily; Gatekeeper still waves through anything signed with a $299 stolen dev cert.\n  * Labs crown both “top tier,” yet no product blocks 100 % of phishing; humans click anyway.\n\n\n\n### What happens next (spoiler: more invoices)\n\n  * **2026 Q4** : 18 % YoY jump in EDR purchases—compliance auditors discovered AI malware, panic ensues.\n  * **2027** : Defender 2.0 pushes kernel-level ML; IT budget line item for “telemetry storage” appears.\n  * **2029** : >80 % of firms run layered XDR; native AV relegated to checkbox on SOC wall of shame.\n\n\n\nBottom line: the free shield keeps the casual riff-raff out, but the real enemy is your own credentials wandering off with a phishing link. Until the OS ships a “don’t-be-stupid” patch, budget for identity controls or keep a breach-response retainer warm—both cost more than that shiny zero-dollar antivirus.\n\n* * *\n\n## 😱 500 000 Cloud Creds Looted: Trivy, KICS Backdoored in Global Supply-Chain Heist\n\n> 500k creds jacked in 7 days—your scanner just snitched on you! 😱 That’s 5× the pop. of Iceland, now for sale. Trivy & KICS turned Judas while you were sipping coffee. VW-size giants already getting ransom-dunked—who’s next, your startup? Rotate or rot, fam.\n\nTeamPCP slipped a 300 GB needle into the DevOps haystack last week, and every “trusted” badge in your CI pipeline helped.\n\n### How did a typo own the toolchain?\n\n  * Push 75 poisoned Trivy tags → GitHub Actions auto-runs them.\n  * One fake KICS tag (2.2.3-28) phones home to checkmarx.zone.\n  * RSA-4096 signature looks legit; AES-256 blob hides the loot.\n  * Result: 500 000 cloud keys, DB creds, VPN configs—compressed, encrypted, gone.\n\n\n\n### Impacts, translated to human\n\n  * **Wallet** : Crypto wallets drained before you finished your stand-up.\n  * **Reputation** : “We scan for security” now equals “We leaked it.”\n  * **Budget** : Rotating every principal, key, and token in a global fleet costs more than your Q2 coffee bill—times ten.\n\n\n\n### What happens next\n\n  * **0–30 days** : PyPI/GitHub yank packages; interns become full-time key-rotators.\n  * **3–12 months** : New compliance checkbox “SLSA Level 3 or GTFO”; vendors slap Sigstore stickers on slide decks while hoping nobody audits.\n\n\n\n### Cheap defense for the rest of us\n\n  1. Mirror every third-party action in-house; diff updates like your life depends on it—because it does.\n  2. Burn every credential older than your last grocery run; automate it with 20 lines of bash and a cron job.\n  3. Route CI egress through a DNS sinkhole that answers “scan.typo” with 0.0.0.0—zero cost, zero mercy.\n\n\n\n### The takeaway\n\nIf your security scanner can be weaponized to steal secrets, it’s not a scanner—it’s a conveyor belt for crooks. Turn the belt off, or keep feeding TeamPCP’s 300 GB habit.\n\n* * *\n\n## 💥 95M Downloads Hijacked: LiteLLM PyPI Poisoning Loots 500K US Cloud Keys\n\n> 95 M downloads in 3 h & LiteLLM turned your laptop into a free Airbnb for TeamPCP—500 k creds Airbnb’d, 300 GB squatted 💥 While you pip-installed, they systemd-Airbnb’d your AWS keys. US corps, your cloud is now a hostile sublet—rotate or keep paying rent to Vlad!\n\nLiteLLM v1.82.7 & 1.83.8, posted 24 Mar, carried a 34 kB `.pth` tapeworm that auto-fired the second Python woke up. Three hours on PyPI = 9.5 million daily pulls, now a credential piñata of 500 000+ SSH, cloud and K8s keys.\n\n### How the worm turned\n\n  * Compromised CI keys to Aqua’s Trivy scanner let TeamPCC force-push a tainted GitHub Action.\n  * That Action injected the same RSA-4096 public key into LiteLLM wheels.\n  * `site-packages` loads `litellm_init.pth` → spawns `sysmon.service` → scrapes every `~/.aws`, `~/.ssh`, SA token and `.env` in sight, compresses 40 kB per host, AES-wraps it, phones home to `models.litellm.cloud`.\n\n\n\n### Impact in one breath\n\n**Cloud bills** : 300 GB of your secrets now touring Eastern Europe.\n**DevOps budget** : rotation sprint = ~1 000 engineer-days of unpaid overtime.\n**Legal heat** : regulators love multi-cloud breaches—fines scale with “negligence”; expect 7-digit numbers.\n**AI pipeline trust** : LangChain, DSPy, Anthropic, OpenAI et al. all ingest LiteLLM—your shiny LLM stack is a transitive traitor.\n\n### What actually works (no vendor fairy dust)\n\n  * `pip uninstall` those versions—then hunt `~/.config/sysmon/` and nuke the service.\n  * Rotate everything, not just “the important” keys; the malware vacuumed metadata too.\n  * Switch PyPI to “Trusted Publishers” so a stolen PAT can’t push squat.\n  * Sign your builds; reproduce them; stop `@v3` tag roulette in CI.\n\n\n\n### Outlook—calendar of joy\n\n  * **0-30 days** : class-action letters land; expect “we take your security seriously” spam.\n  * **30-90 days** : insurers hike premiums >15 % for any repo that touches AI gateways.\n  * **≥90 days** : SBOM bills become law; budget 5 % of dev-op spend for supply-chain bouncers or keep bleeding keys.\n\n\n\nThe takeaway: open-source convenience just externalised your security budget to a bunch of strangers. Until the ecosystem stops trusting version tags like gospel, “pip install” is Russian-roulette with a fully loaded chamber.\n\n* * *\n\n### In Other News\n\n  * Meta held liable by New Mexico jury for misleading consumers on child safety, ordered to pay $75M in penalties\n  * Google integrates Post-Quantum Cryptography (ML-DSA) into Android 17 beta to protect bootloader, keystore, and remote attestation\n  * Ubuntu 26.10 to strip signed GRUB bootloader features for enhanced security, dropping ZFS, LVM, and Btrfs support\n  * Amazon EKS introduces session policies to dynamically scope IAM permissions without new roles\n\n",
  "title": "500k Creds in 7 Days: Free AV Fail Dunks US Corps",
  "updatedAt": "2026-03-26T13:46:24.006Z"
}