TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)

Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI.

Continue reading TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)

Posted in Uncategorized

Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)

Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the user, as you can see in the following images which show the same e-mail when it is placed in the inbox, and when it is placed in the Junk folder.

Continue reading Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)

Posted in Uncategorized