YusufOnSecurity.com

275 - The Mercor Breach: When Your Security Scanner Becomes the Attack Vector



Enjoying the content? Let us know your feedback!

Today's episode is one of those stories that, when you start pulling the thread, the whole thing just keeps unravelling. We are going to talk about the Mercor breach. Now, if that name doesn't ring a bell, Mercor is a ten-billion-dollar AI recruiting startup. They match human experts with companies like OpenAI, Meta, and Anthropic to help train AI models. Big clients. Big data. Big target.

Towards the end of March of this year, a threat group called TeamPCP - and no, that is not a household cleaning detergent type of product - managed to steal roughly four terabytes of data from Mercor. And the way they did it? They didn't attack Mercor directly. They didn't even attack the software Mercor relied on directly. They attacked the security tool that was supposed to protect that software. Let me say that again. They compromised the vulnerability scanner.
We have all that coming up next in this week's episode.

- https://securitylabs.datadoghq.com: LiteLLM and Telnyx compromised on PyPI: Tracing the TeamPCP supply chain campaign

- https://www.securityweek.com: Mercor Hit by LiteLLM Supply Chain Attack

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
There, you will also find a list of all previous episodes.

By YusufOnSecurity.com