Intellexa chief accuses Greek government of cover-up after conviction overturned

Trivy breach cascades into LiteLLM compromise as attackers hijack CI/CD and bury evidence, Russian national sentenced to two years in connection with BitPaymer botnet, Cyberattacks in Poland more than doubled last year, HackerOne employee data exposed in third-party attack, much more

Tal Dilian, founder of Intellexa, the Predator spyware company, is launching direct attacks against the Greek government, the National Intelligence Service (NIS), and the Greek judiciary, with a new statement on the occasion of the overturning of the conviction by the Single-Member Criminal Court of Athens.

In his statement, he emphasizes that since at least 2019 his group developed "preventive defense software" and legally provides it exclusively to authorized government and law enforcement authorities.

He argues that the evidence presented at the trial contradicted the analysis, as he characterizes it, of (then) Supreme Court Prosecutor Georgia Adeilini regarding the absence of evidence of government and/or EYP involvement in the illegal surveillance case. As he states, "many witnesses mentioned the possible involvement of EYP," Greece's intelligence service.

Dilian claims that a conspiracy was set up "to send innocent people to prison in order to cover up political principles. Nixon lost his presidency in the Watergate affair because he tried to cover up a wiretapping operation." (Eliza Triantafyllou / Inside Story)

Related: Reuters, Tovima.com

Two malicious versions of the LiteLLM package were pulled from PyPI after a supply chain attack inserted credential-stealing code, with Berri AI CEO Krrish Dholakia saying the compromise appears to have originated from the project’s use of the Trivy security scanner in its CI/CD pipeline.

Aqua Security, which maintains Trivy, said attackers exploited a misconfiguration in Trivy’s GitHub Actions environment that exposed a privileged token, allowing them to interfere with CI/CD workflows. Using that access, the attackers were able to tamper with downstream software builds, including LiteLLM, effectively turning a trusted dependency into an entry point for broader compromise.

The attack illustrates how modern software supply chains can be chained together: a weakness in one widely used tool enabled attackers to pivot into another, spreading malicious code and potentially exposing credentials and systems across multiple environments that depended on those projects.

In a further twist, the GitHub vulnerability report tied to the incident was itself hit by a coordinated spam campaign apparently designed to obscure legitimate discussion. Dozens of repetitive, likely AI-generated comments flooded the thread, and security researcher Rami McCarthy noted that most of the accounts involved overlapped with those used in a separate spam campaign targeting Trivy.

Researchers say the combination of supply chain compromise, CI/CD exploitation, and manipulation of public disclosure channels points to a more sophisticated playbook—one that not only injects malicious code into trusted software but also attempts to disrupt the collaborative processes used to investigate and respond to such incidents. (Thomas Claburn / The Register)

Related: FutureSearch, BleepingComputer, Endor Labs, Simon Willison's Weblog, GitHub, Snyk, CyberInsider, Hacker News (ycombinator)

Ilya Angelov, a Russian national, was sentenced to two years in prison after admitting he co-managed a phishing botnet used to enable BitPaymer ransomware attacks against at least 72 US companies, generating more than $14 million in extortion payments.

Authorities said Angelov’s group, tracked as TA551 and other aliases, ran large-scale spam campaigns that infected thousands of computers daily and then sold access to those systems to ransomware operators and other cybercriminals.

The case highlights the role of initial access brokers in the ransomware ecosystem, with Angelov’s operation serving as a key pipeline for attacks carried out by multiple criminal groups between 2017 and 2021. (Sergiu Gatlan / Bleeping Computer)

Related: Justice Department, The Detroit News

Poland's Deputy Minister of Digital Affairs, Paweł Olszewski, said that his country experienced 2½ times more cyberattacks in 2025 compared to the previous year, and the numbers are constantly rising.

The attacks included a destructive infiltration of the country’s energy system in December that was believed to be unprecedented among NATO and European Union members and was suspected of originating in Russia.

Over the last year, Poland was the target of 270,000 cyberattacks, Olszewski said. (Claudi Ciobanu / Associated Press)

Related: The Independent

HackerOne is notifying employees that their personal data was exposed after attackers breached Navia, a US benefits administrator it uses, with 287 employees affected.

The company said the incident stemmed from a Broken Object Level Authorization (BOLA) vulnerability that allowed unauthorized access between December 2025 and January 2026.

The compromised data includes highly sensitive personal information such as Social Security numbers, names, addresses, dates of birth, and employment-related details for employees and their dependents. Navia detected suspicious activity in late January and later notified impacted organizations.

While no financial or claims data was reportedly accessed, the exposed information could enable phishing and social engineering attacks. No threat actor has claimed responsibility, and affected individuals have been offered credit monitoring and advised to watch for suspicious activity. (Sergiu Gatlan / Bleeping Computer)

Related: Maine Attorney General

Yossi Karadi, head of Israel’s National Cyber Directorate, warned that Iran is escalating its cyber operations against Israel, describing the conflict as a continuous “war” despite defenses that have so far prevented major damage to critical infrastructure and the economy.

He said more than 50 cyberattacks by roughly 20 groups were recorded during recent fighting, with around 50 Israeli organizations reportedly wiped digitally. The campaigns target infrastructure, engineering firms, academia, and security personnel—often extending to family members—and include efforts to hijack cameras and spread panic through incidents like hacked railway signage.

Karadi emphasized that many attacks focus on intelligence gathering that could later enable operational strikes, while widespread social engineering attempts highlight the scale of the threat. He warned that cyberattacks will persist regardless of any ceasefire, with Iran aiming to project power in cyberspace and repeatedly targeting sectors like energy, water, and finance. (Yoni Kempinski / Israel National News)

Related: CTech, Jerusalem Post, Haaretz, The Straits Times

The case, brought after a 2023 investigation by Ireland’s Garda National Cyber Crime Bureau, involves more than 100 alleged victims, including about 50 students said to have been harassed.

Prosecutors allege Davis used malware to steal students’ passwords and access university accounts without authorization, leading to charges that include 96 counts of unlawful access to information systems, 51 counts of harassment, and one count related to the use of software for unauthorized access. Authorities said the offenses took place at multiple locations, including the UCD campus and the accused’s home.

Davis, a British national, has not entered a plea and was granted bail with conditions, including surrendering his passport and regular check-ins with police. The case has been sent forward for trial on indictment in a higher court, with the accused due to appear again in July. (Tom Tuite / Irish Times)

Related: The Journal, RTE, University Times, Irish Examiner, Irish Independent

Traces of the Russian hacking group Fancy Bear, widely linked to Russia’s GRU military intelligence service, were found inside Serbia’s Ministry of Defence, Military Academy, and Military Medical Academy, according to cybersecurity researchers at Ctrl Alt Intel.

The group identified compromised email accounts and evidence that attackers were collecting sensitive communications.

The investigation found multiple Ministry of Defence accounts breached, with attackers able to bypass two-factor authentication and set up automatic email forwarding to monitor messages. Stolen data included contacts across Serbian institutions and European military networks, suggesting the campaign may still be ongoing and focused on intelligence gathering.

Researchers say the activity is part of a broader operation targeting government and military entities across Europe, using techniques such as spear phishing to gain access, extract data, and map relationships that could support future cyber or intelligence operations. (Snezana Rakic / SerbianMonitor.com)

Related: Vreme, Balkan Web, Vijesti, Radio Free Europe

Britain’s National Cyber Security Centre (NCSC) warned that the rise of vibe coding could significantly reshape the software-as-a-service (SaaS) industry while introducing new cybersecurity risks.

NCSC chief Richard Horne said at the RSA Conference that while AI coding tools offer efficiency gains, they could also accelerate the spread of insecure software if not properly designed and governed.

The agency said advances in AI-assisted development are already enabling organizations to build custom software quickly, potentially reducing reliance on subscription-based SaaS platforms. This shift, described as a potential “SaaSpocalypse,” could disrupt the industry over time as companies opt for cheaper, in-house alternatives built with AI tools.

However, the NCSC cautioned that AI-generated code can be unreliable, difficult to maintain, and prone to vulnerabilities, increasing the risk of insecure systems being deployed. It urged organizations to embed security from the outset, including ensuring AI tools produce secure code by default and expanding testing and review practices, warning that failure to act early could repeat mistakes seen in the early days of cloud adoption. (Alexander Martin / The Record)

Related: NCSC, NCSC, Computer Weekly, The Cyber Express, Infosecurity Magazine

Researchers at Endor Labs say attackers compromised the widely used LiteLLM Python package on PyPI, publishing malicious versions that installed an infostealer capable of harvesting credentials and sensitive data from infected systems.

The attack, attributed to the TeamPCP group, is part of a broader supply chain campaign linked to earlier breaches such as the Trivy compromise.

The malicious code in LiteLLM versions 1.82.7 and 1.82.8 executed automatically when the package—or even the Python interpreter—was run, enabling persistence. It harvested SSH keys, cloud credentials, Kubernetes secrets, database and CI/CD data, and cryptocurrency wallet information, while also attempting lateral movement and installing a backdoor for continued access.

Stolen data was encrypted and sent to attacker-controlled infrastructure, with reports suggesting hundreds of thousands of devices may have been affected, though that figure is unconfirmed. Researchers warn that the incident underscores the cascading risk of supply chain attacks and urge organizations to remove the affected versions, rotate all credentials, and check systems for compromise. (Lawrence Abrams / Bleeping Computer)
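As an added example tied to the remediation advice above (not code from the article or from any project it names), this Python snippet scans a requirements.txt or pip-freeze style listing and flags lines that pin, or whose version range still admits, the two compromised LiteLLM releases; the sample listing is constructed, and the specifier parser only handles plain dotted numeric versions.

```python
import re

# The two compromised LiteLLM releases named in the article.
AFFECTED = ("1.82.7", "1.82.8")

# Matches "name[extras] specifier"; extras are ignored for the check.
REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*(.*)$")
CLAUSE_RE = re.compile(r"(==|!=|>=|<=|~=|>|<)\s*([0-9.]+)$")


def parse_version(v):
    """Turn '1.82.7' into a comparable tuple of ints (numeric releases only)."""
    return tuple(int(p) for p in v.split("."))


def specifier_allows(spec, version):
    """True if a PEP 440-style specifier such as '>=1.82,<1.83' permits `version`.
    Supports ==, !=, >=, <=, >, <, ~= on dotted numeric versions; wildcards and
    pre-release tags are out of scope and raise ValueError."""
    target = parse_version(version)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = CLAUSE_RE.match(clause)
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        ok = {
            "==": target == bound,
            "!=": target != bound,
            ">=": target >= bound,
            "<=": target <= bound,
            ">": target > bound,
            "<": target < bound,
            # "~=1.82.0" means >=1.82.0 and ==1.82.*
            "~=": target >= bound and target[: len(bound) - 1] == bound[:-1],
        }[op]
        if not ok:
            return False
    return True


def find_exposed(requirements_text):
    """Return (line, affected_version) pairs for every litellm line whose
    specifier admits a compromised release; an unpinned line admits all."""
    hits = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        name, spec = REQ_RE.match(line).groups()
        if name.lower().replace("_", "-") != "litellm":
            continue
        for v in AFFECTED:
            if not spec or specifier_allows(spec, v):
                hits.append((line, v))
    return hits


# Constructed sample listing, not taken from any real project.
SAMPLE = """\
requests==2.32.3
litellm==1.82.7                  # pinned to a compromised release
LiteLLM[proxy]>=1.82,<1.83       # range admits both bad releases
litellm!=1.82.7,!=1.82.8,>=1.82  # explicitly excludes them
litellm                          # unpinned: resolver may pick a bad release
"""

if __name__ == "__main__":
    for line, v in find_exposed(SAMPLE):
        print(f"{line!r} admits compromised litellm {v}")
```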

Related: Endor Labs, Security Affairs, GBHackers, CyberInsider, Cyber Security News

The Trump administration has agreed to a settlement barring three federal agencies from pressuring social media companies to remove or suppress lawful speech, resolving the lawsuit known as Murthy v. Missouri, brought by Missouri, Louisiana, and individual plaintiffs over alleged censorship during the Biden administration.

Under the agreement, the Surgeon General’s office, the CDC, and the Cybersecurity and Infrastructure Security Agency are prohibited for 10 years from threatening platforms with legal, regulatory, or economic consequences to influence content moderation decisions.

The case had reached the US Supreme Court, which previously rejected a lower court ruling that found likely free speech violations. The settlement still allows government officials to challenge online content publicly but not to do so through coercion or implied punishment. (Mike Scarcella / Reuters)

Related: New Civil Liberties, Reason, Missouri Attorney General's Office

The UK government is launching pilot programs with hundreds of families to test measures such as social media bans, curfews, and app time limits, aiming to assess their impact on children’s sleep, schoolwork, and family life.

The trials will involve around 300 teenagers.

The initiative comes as Britain considers broader restrictions on children’s social media use, including the possibility of a full ban for under-16s, though officials say no decisions have been made. Experts have noted limited evidence that outright bans are effective, and some young people have voiced opposition.

Results from the pilots will feed into a government consultation on future policy, with officials saying the goal is to gather real-world evidence from families before deciding on potential regulations. (Paul Sandle / Reuters)

Related: Gov.uk, BBC News, The Guardian, The Economic Times, The Record, Sky News, The Star

US District Judge Rita Lin called the Pentagon's treatment of Anthropic "troubling" as the AI company urged the court to pause the Trump administration's designation of the company as a supply chain risk.

"I don't know if it's murder, but it looks like an attempt to cripple Anthropic," said US District Judge Rita Lin.

Lin referred to three Trump administration actions: President Trump's ban on Anthropic, Defense Secretary Pete Hegseth's requirement that Pentagon contractors cut commercial ties with the company, and its designation as a supply chain risk.

"What is troubling to me about these three actions is that they don't really seem to be tailored to the stated national security concern. If the worry is about the integrity of the operational chain of command, [the Pentagon] could just stop using Claude," she said.

Anthropic asked for a decision by March 26, but the court is not bound by that date. (Maria Curi / Axios)

Related: CNBC, Business Today, Business Insider, NPR, The Guardian, Washington Examiner, ABC News, The Information, CBS News, The Hill, NewsMax.com, Financial Times, Bloomberg, Courthouse News Service, Android Headlines, The Verge, Wired, All Rise News, Wall Street Journal, CNBC

A New Mexico jury found Meta liable for nearly $400 million in damages, concluding the company failed to adequately protect children on Facebook and Instagram from predators and violated state consumer protection laws.

The case followed a 2023 lawsuit by Attorney General Raúl Torrez, based in part on an undercover operation showing a fake teen account quickly targeted by abusers.

Jurors determined Meta willfully violated the state’s unfair practices act, awarding $375 million in damages. The company said it will appeal and defended its safety efforts, while prosecutors argued Meta misled the public and ignored internal warnings about risks to children, including concerns tied to encryption changes.

A second phase of the case will determine whether Meta created a public nuisance and should fund mitigation programs or implement safety changes such as stronger age verification. The lawsuit is part of a broader wave of cases seeking to hold social media companies accountable for harms to minors. (Jonathan Vanian / CNBC)

Related: The Verge, Associated Press, The Guardian, Reuters, Wall Street Journal, New Mexico Department of Justice, Washington Post, New York Times, CNN, RTÉ, Le Monde, Nairametrics, Gamereactor UK, Forbes, KTVU-TV, Al Jazeera, Deseret News, TechCrunch, Just The News, The Information, Joe.My.God., NZ Herald, RedState, Los Angeles Times, MediaPost, Mashable, The Post Millennial, Salon, SiliconANGLE, MS NOW, Engadget, RTL Today, CNET, BBC, Overturned, The Wrap, France 24

Cloud-based data analytics and AI company Databricks is launching a new security product called Lakewatch, bolstered by its recently completed and pending acquisitions of security startups Antimatter and SiftD, which bring extensive experience at Splunk.

CEO and cofounder Ali Ghodsi said large language models, or LLMs, “have matured to a point that you can actually automate and augment a significant portion” of cybersecurity. (Jordan Novet / CNBC)

Related: Databricks, TechCrunch, CRN, SiliconANGLE, CNBC

Best Thing of the Day: Five Eyes Are Better Than None

In what might be reassuring to US allies, Gen. Josh Rudd, the new director of Cyber Command and the National Security Agency, told both organizations’ workforces in an all-hands meeting that he wants to double down on intelligence-sharing with US allies and partners.

Bonus Best Thing of the Day: You Go, Baltimore!

Baltimore became the first major US city to file a complaint against xAI over issues with its Grok image generator, with Mayor Brandon Scott saying that the deepfakes on Grok “have traumatic, lifelong consequences for victims.”

Worst Thing of the Day: Our Incident Report Is Sitting Next to Trump's Healthcare Plan

Two years ago, Columbus Mayor Andrew Ginther promised a full investigation and a public report detailing how a severe breach of the city government happened and what steps would be taken to prevent future attacks, and now Ginther says the incident is still under investigation.
