Latest Supply chain news

CERT-EU traced the European Commission's cloud breach to a poisoned Trivy build pushed by TeamPCP on March 19. AI startup Mercor confirmed a separate hit via LiteLLM. ShinyHunters and Lapsus$ are now publishing stolen data from both victims.

An unauthenticated file upload in the WordPress Pix for WooCommerce plugin scored CVSS 9.8, and OneUptime collected its fourth critical vulnerability in two weeks. The March 14 digest covers 10 high-severity flaws including two Chrome zero-days.