Yusuf On Security: Security news, opinion and advice

275 – The Mercor Breach: When Your Security Scanner Becomes the Attack Vector

Hosted by
Yusuf

Today’s episode is one of those stories that, when you start pulling the thread, the whole thing just keeps unravelling. We are going to talk about the Mercor breach. Now, if that name doesn’t ring a bell, Mercor is a ten-billion-dollar AI recruiting startup. They match human experts with companies like OpenAI, Meta, and Anthropic to help train AI models. Big clients. Big data. Big target.

In late March of this year, a threat group called TeamPCP — and no, that is not a household cleaning product — managed to steal roughly four terabytes of data from Mercor. And the way they did it? They didn’t attack Mercor directly. They didn’t even attack the software Mercor relied on directly. They attacked the security tool that was supposed to protect that software. Let me say that again. They compromised the vulnerability scanner.
We have all that coming up next in this week’s episode.

– https://securitylabs.datadoghq.com: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign

– https://www.securityweek.com: Mercor Hit by LiteLLM Supply Chain Attack
