TeamPCP Trivy Compromise: European Commission AWS Breach Confirmed

🗒️ TL;DR

• CERT-EU confirms European Commission AWS breach via TeamPCP's Trivy supply chain compromise: 340 GB exfiltrated, 71 hosted clients affected, ShinyHunters publishes stolen data
• Sportradar AG systemic compromise confirmed jointly operated by TeamPCP and Vect ransomware, exposing 26,000 users, 23,169 athlete records, and 328 API key pairs
• OpenClaw becomes most-starred software project on GitHub (250,000+ stars in 60 days), but CVE-2026-25253 (CVSS 8.8) RCE and 341 malicious skills in ClawHub expose security gaps
• Three supply chain security reports converge: 454,648 new malicious packages in 2025 (Sonatype), 65% of OSS CVEs lack CVSS scores (Kaspersky), 145% CVE increase QoQ in containers (Chainguard)
• Linux crosses 5% Steam market share (gaming) for the first time (5.33%), a 3.10% monthly surge driven by SteamOS adoption
• Ubuntu 26.04 LTS raises RAM requirement to 6 GB (exceeding Windows 11), ships PipeWire as Snap (removing snapd breaks audio)
• PHP BSD 3-Clause relicense vote closes today with 51 yes, 0 no, 2 abstentions, passage certain for PHP 9.0
• Google releases Gemma 4 under standard Apache 2.0 license (first OSI-approved Gemma release), but 26B MoE runs at 11 tokens/sec vs 60+ for Qwen 3.5

💥 Top Story

CERT-EU Confirms European Commission AWS Breach Through TeamPCP Trivy Supply Chain Compromise

• CERT-EU published an advisory on April 3 confirming that the European Commission's Europa web hosting platform on AWS was breached through TeamPCP's Trivy supply chain compromise (CVE-2026-33634). Initial access occurred on March 19 when the Commission's CI/CD pipeline pulled a compromised Trivy version. The Commission's Security Operations Centre detected suspicious Amazon API activity on March 24, notified CERT-EU on March 25, and by March 28 the extortion group ShinyHunters had published the stolen dataset on its dark web leak site. Approximately 340 GB of uncompressed data was exfiltrated, including 51,992 files of outbound email communications (2.22 GB) and personal data (names, usernames, email addresses) from European Commission websites. Up to 71 clients hosted on the Europa web hosting service were affected. CERT-EU confirmed the attackers deployed TruffleHog to validate AWS credentials via Security Token Service, then created new access keys attached to existing user accounts for persistent access. No lateral movement to other AWS accounts was detected. Whether ShinyHunters handled the full operation or only the extortion phase remains unclear.
• Recurring: Tenth day tracking the TeamPCP campaign. This is the highest-profile governmental victim disclosure to date. Progression: supply chain expansion (March 19-27), ransomware pivot (March 30), first victim disclosure/Mercor AI (April 1), scope quantification/Lapsus$ involvement (April 2-3), CERT-EU governmental disclosure (April 3). SANS ISC published Update 006 on April 3 consolidating the CERT-EU, Sportradar, and Mandiant developments.
• Source: Help Net Security | CERT-EU | CSO Online

The European Commission's cloud got breached through its own security scanner. The tool they trusted to find vulnerabilities became the vulnerability. And three independent reports just confirmed: everything is breaking faster than we can fix it.

Welcome back. Big day. The European Commission got breached through a security scanner. Half a million malicious packages hit open source registries last year. The most-starred GitHub repo in history is already riddled with malware. Ubuntu made it impossible to remove Snap without losing audio. And Linux just crossed 5% on Steam (gaming) for the first time.

If you've been following me, you know I've been tracking the TeamPCP campaign for ten days now. It started with a supply chain compromise of Trivy, the container vulnerability scanner that millions of CI/CD pipelines run every single day.

On March 19, the European Commission's CI/CD pipeline pulled a compromised version of Trivy, which is the scanner you run specifically because you're trying to be secure. The thing compliance checklists tell you to run.

That compromised version didn't find problems. It created them.

The attackers slipped in through a poisoned release, CVE-2026-33634. Then they waited. Five days. The Commission's Security Operations Centre flagged suspicious Amazon API activity on March 24. They notified CERT-EU on March 25. By March 28, ShinyHunters had already published the stolen data on a dark web leak site.

Imagine hiring a locksmith to check your doors, and the locksmith copies your keys on the way out. That's what happened here.

Here's what the attackers actually took from the European Commission. 340 gigabytes of uncompressed data. That includes 51,992 files of outbound email communications. Personal data from Commission websites. Names, usernames, email addresses. Up to 71 hosted clients on the Europa web hosting service were affected.

The attack path was clean. The compromised Trivy version deployed TruffleHog, a credential scanner, to validate AWS credentials. Then the attackers created new access keys attached to existing user accounts. Not temporary tokens. Permanent keys. They had their own front door.

And who caught it? Not the scanner. The scanner was the problem. The Commission's SOC caught it through Amazon API anomaly detection. Humans noticed what the security tool was doing wrong.

The scope goes beyond the Commission. Sportradar AG: confirmed systemic compromise, jointly operated by TeamPCP and Vect ransomware. 26,000 users exposed. 23,169 athlete records. 328 API key and secret pairs. Those keys connect Sportradar to 161 client organizations. Sports leagues. Media companies. Betting platforms. Every one of those integrations is now a secondary supply chain risk. The stolen data is being offered for up to $50,000. That's cheap for what it contains.

Add Mercor AI with four terabytes of recruiting data. Mandiant estimates over 1,000 SaaS environments were hit by this single campaign.

And no new package compromises since March 27. TeamPCP stopped planting backdoors. They don't need to. They've shifted entirely to monetization and extortion of existing credential harvests. They have enough stolen access to sell for months.

Now here's what makes this week different. Three independent security reports dropped within weeks of each other, and they all say the same thing.

Sonatype counted 454,648 new malicious packages in 2025. 454,000 malicious packages in a single year. The cumulative total now exceeds 1.2 million across npm, PyPI, Maven Central, NuGet, and Hugging Face. And over 99% of that malware landed on npm.

Kaspersky found that 65% of open source CVEs lack CVSS scores entirely. No score. No priority. No urgency signal for the teams that need to patch. And 46% of those unscored vulnerabilities would rate High if anyone bothered to evaluate them. Proof-of-concept exploits appear within one week of discovery. But the median time to assign a CVSS score? Forty-one days.

7 days to weaponize. 45 days to score. That's the gap.

Chainguard's container data adds another angle. 145% increase in unique CVEs quarter-over-quarter. And 96% of those vulnerabilities fall outside the top 20 most popular container images. Popular doesn't mean secure. It just means nobody's looking at the rest.

And what about the AI tools we're using to write code? Kaspersky found 45% of AI-generated code contains OWASP Top 10 flaws. Sonatype found GPT-5 hallucinated 27.8% of component versions. The tools generating code are also generating vulnerabilities.

Now connect that to the fastest-growing open source project in history.

OpenClaw crossed 250,000 GitHub stars in roughly 60 days. Most-starred software project ever. Nothing has ever grown that fast on GitHub.

But velocity brought problems. CVE-2026-25253, a CVSS 8.8 RCE. The app blindly accepted a gateway URL query parameter without user confirmation, leaking the auth token. Over 40,000 instances were exposed at disclosure. That number grew to 135,000.

And the plugin marketplace? A security audit of 2,857 skills in ClawHub found 341 malicious. That's 12% of the registry. By February, the count had grown to 824 confirmed malicious skills across 10,700 in the expanded registry. The primary payload: Atomic Stealer, a macOS infostealer.

The governance structure hasn't kept pace. OpenClaw moved to an independent 501(c)(3) with OpenAI as sponsor. MIT license retained. But the bylaws and governance charters? Still unpublished.

250,000 stars. 135,000 exposed instances. 12% malicious plugins. Unpublished governance. That's velocity without verification. And it's the same pattern the supply chain reports describe, just wearing a different hat.

Now step back from the security stories for a second.

Linux just crossed 5% market share on Steam (gaming). 5.33%, to be exact. A 3.1 percentage point monthly surge, the largest single-month gain in Steam survey history. SteamOS accounts for nearly a quarter of all Linux installs on the platform. Linux is now more than double macOS at 2.35%. Game developers and anti-cheat providers now have to treat Linux as a first-class target.

But the same week Linux crosses that milestone, Ubuntu 26.04 LTS does something interesting.

It raises the minimum RAM requirement to 6 gigabytes. Ubuntu now needs more RAM than Windows 11. That's 6 GB versus 4 GB. First RAM increase since 2018. GNOME 50, jumping four release cycles in one version, ships as Wayland-only. The primary driver of those higher requirements.

PipeWire, the audio system, ships as a Snap package. Removing snapd breaks audio.

That matters. For years, a common first move for Ubuntu power users was removing Snap. It was practically a rite of passage. Now, doing that kills your sound. This is the first Ubuntu LTS release in which a fully de-snapped system is not possible without losing core functionality. And that's a Snap lock-in angle. Whatever I wrote here is becoming a reality.

Meanwhile, at the opposite pole: Artix Linux ships XLibre as its default X server, going the other direction entirely. First major rolling-release distro to do that. MX Linux publicly rejects age-verification requirements, citing open source principles. Parrot Linux took the same stance.

The Linux distro world is splitting, isn't it? Canonical tightens control. The independents go the other way. And the irony is thick. The same week open source crosses its biggest gaming milestone, the most popular distro makes it harder to run open source the open source way.

This is exactly the kind of tension I write about every day. What gets measured versus what actually matters.

We measure how fast things break. 454,000 malicious packages. 135,000 exposed instances. Governmental breaches within days of initial access. Everything is accelerating.

But we don't measure how fast we can fix things. 41-day median CVSS scoring. 65% of CVEs with no score at all. Unfunded maintainers drowning in AI-generated security reports. The Linux Foundation just raised 12.5 million dollars specifically because maintainers can't keep up with the flood.

The breaking speed keeps climbing. The fixing speed stays flat. And nobody tracks the gap.

Some good news, though.

Google released Gemma 4 under the Apache 2.0 license. First Gemma model with an actual OSI-approved open source license. No custom restrictions, no usage caps, no competitor exclusions. More permissive than Meta's Llama. For the open source AI community, the licensing shift matters more than the model. It proves that major AI labs will release production-quality models under real open licenses.

PHP's BSD 3-Clause relicense vote closes today. 51 yes, zero no, 2 abstentions. PHP 9.0 will ship under the Modified BSD license, ending decades of custom licensing. One of the last holdouts, gone.

So it's not all speed without oversight. People are building. People are opening up. People are making principled choices.

But that structural gap between breaking speed and fixing speed? That's the thing to watch. Because right now, it's growing. And very few people are measuring it.

💻 Open Source News

Google Releases Gemma 4 Under Apache 2.0 License, First OSI-Approved Gemma Release

• Google announced Gemma 4 on April 2 at Google Cloud Next, marking the first Gemma model family released under the standard Apache 2.0 license. Previous Gemma releases used a custom policy with clauses Google could update at any time, which compliance teams routinely flagged. The new license carries no MAU limits, no acceptable use policies, and allows unrestricted commercial redistribution, putting Gemma on identical licensing ground as Qwen (Apache 2.0) and Mistral Small 4 (Apache 2.0). The release includes four model variants (E2B, E4B, 26B MoE, and 31B Dense) purpose-built for advanced reasoning and agentic workflows. All models support native vision, audio input, and over 140 languages. Hugging Face CEO Clement Delangue called the licensing shift "a huge milestone." Community attention has shifted from benchmarks to licensing as the primary differentiator. Gemma 4's 31B Dense model currently ranks #3 among open models on the LM Arena leaderboard (1452 Elo), with the 26B MoE at #6 (1441 Elo). A performance catch found post-launch: the 26B MoE variant runs at 11 tokens/sec versus 60+ tokens/sec for Qwen 3.5 on equivalent hardware. For the open source AI community, Apache 2.0 gives Gemma a more permissive license than Meta's Llama models, which still use a custom community license with commercial usage caps and competitor restrictions.
• Source: Google Open Source Blog

PHP BSD 3-Clause Relicense Vote Closes Today, Passage Certain at 51-0-2

• The PHP community vote to relicense under BSD 3-Clause closes today (April 4) with the final count at 51 yes, 0 no, 2 abstentions, well above the two-thirds supermajority threshold. The change takes effect in PHP 9.0, replacing the PHP License 3.01 and Zend Engine License 2.00 with a standard OSI-approved license (Modified BSD). This eliminates GPL incompatibility issues, simplifies SPDX compliance for downstream packagers, and removes one of the last major custom-license holdouts in open source.
• Source: PHP RFC

Sportradar AG Systemic Compromise Confirmed via TeamPCP and Vect Ransomware

• SANS ISC Update 006 (April 3) reported that the Sportradar AG breach, first claimed as a CipherForce victim in Update 004, has been confirmed as a "systemic compromise" jointly operated by TeamPCP and Vect ransomware. The breach, executed on March 25 via the Trivy supply chain compromise, exposed approximately 26,000 users, detailed records for 23,169 athletes (names, dates of birth, gender, nationality), 161 client organizations including major sports leagues and media companies, and 328 API key/secret pairs creating secondary supply chain risk for integration partners. The stolen data is being offered for sale for up to $50,000.
• Source: SANS ISC Update 006 (via Iron Castle) | Daily Dark Web

OpenClaw Becomes Most-Starred Software Project on GitHub, Faces Critical Security Vulnerability and Plugin Marketplace Compromise

• OpenClaw surpassed React on March 3, 2026, crossing 250,000 GitHub stars to become the most-starred software project on GitHub. The project achieved this from near-zero in roughly 60 days. Security concerns followed: CVE-2026-25253 (CVSS 8.8) is a WebSocket authentication RCE where the app blindly accepted a gatewayUrl query parameter without user confirmation, leaking the auth token. Over 40,000 instances were found exposed on the internet by the time of public disclosure on February 3, 2026 (per STRIKE threat intelligence), with 63% assessed as remotely exploitable. That number later grew to over 135,000 exposed instances. The fix shipped in v2026.1.29. Separately, the ClawHavoc campaign targeted the ClawHub plugin marketplace. An initial Koi Security audit of 2,857 skills found 341 malicious (approximately 12% of the registry). By February 16, 2026, the number of confirmed malicious skills had grown to 824+ across an expanded registry of 10,700+ skills. The primary payload is Atomic Stealer (AMOS), a macOS infostealer. Social engineering tactics included professional documentation with fake "Prerequisites" sections directing users to malware downloads. On governance: Peter Steinberger joined OpenAI on February 15, 2026 to drive "the next generation of personal agents," and OpenClaw moved to an independent 501(c)(3) foundation with OpenAI as sponsor. MIT license retained. Bylaws and governance charters remain unpublished. The latest release, v2026.4.1 (approximately April 4, 2026), adds exec/cron improvements, session model-switching fixes, and a chat-native /tasks board.
• Source: OpenClaw Blog | NVD | runZero

Open Source Supply Chain Risk: Three Reports Quantify Severity Across CVE Scoring, Malicious Packages, and Container Vulnerabilities

• Three major supply chain security reports converge on the same conclusion: the gap between vulnerability discovery and remediation continues to widen. Kaspersky (April 3, 2026): 65% of OSS CVEs lack CVSS scores; 46% of those would be High severity if scored; different vulnerability databases agree on severity only 55% of the time; proof-of-concept exploits appear within 1 week of discovery; NVD average listing time is 15 days; median time to assign a CVSS score is 41 days (some unrated up to 1 year); 14,000 malicious packages by end 2024 (48% YoY increase); 45% of AI-generated code contains OWASP Top 10 flaws; LLMs recommended incorrect dependency versions in 27% of cases in 2025. Sonatype (January 28, 2026): 454,648 new malicious packages in 2025; cumulative total over 1.233 million across npm, PyPI, Maven Central, NuGet, and Hugging Face; OSS malware grew 75% YoY; downloads reached 9.8 trillion (67% YoY); Log4Shell still had 42 million downloads in 2025, four years after patches; GPT-5 hallucinated 27.8% of component versions; over 99% of OSS malware landed on npm. Chainguard (December 2025 data, April 2026 HN coverage): 145% increase in unique CVEs QoQ; 377 unique CVEs and 33,931 fix instances across 2,200+ container image projects; 300%+ more fixes applied; median remediation time held at 2.0 days; 96% of vulnerabilities fell outside the top 20 most popular images, meaning popularity is not a proxy for security coverage; Python is the most popular image (72.1% of customers).
• Source: Kaspersky Blog

Red Hat NAIRR: Open Source AI Infrastructure for 8 US University Research Projects

• Red Hat published details on March 20, 2026 (author: Heidi Picher Dempsey) about its contribution to NSF's NAIRR Deep Partnership Program. Red Hat, the Mass Open Cloud (MOC), and IBM Research are supporting 8 US university research projects focused on AI for software development, efficiency/resource optimization, and improved reliability/manageability. The full stack: RHEL, OpenShift, OpenShift AI, Red Hat Advanced Cluster Management for Kubernetes, PyTorch, and SLURM for workload management. Project selection was announced December 2, 2025 by Red Hat Research. All projects conclude June 30, 2026.
• Source: Red Hat Research | AI Alliance

OSS AI Tools: 4.3 Million AI Repositories, RAGFlow and n8n Lead Growth

• GitHub Octoverse reports 4.3 million AI-related repositories with a 178% YoY jump in LLM-focused projects. TypeScript is now the #1 language on GitHub, driven by AI tooling adoption. RAGFlow (75,000+ stars) was named by GitHub Octoverse 2025 as one of the fastest-growing open source projects by contributor count (2,596% YoY growth). Built by InfiniFlow, it combines document parsing, data cleaning, retrieval, and agentic capabilities. n8n passed 150,000 GitHub stars in 2025 with 610+ AI-RAG workflow templates in its community, running a hybrid open-source business model. AutoGPT has shifted from an experimental demo to a long-running production agent system. AI repository growth is broad across all categories (agentic frameworks, RAG engines, workflow automation, local model runners) and not consolidating to a single category.
• Source: GitHub Octoverse Blog | RAGFlow Blog

Ubuntu MATE Founder Steps Back After 12 Years, No LTS for 26.04

• Martin Wimpress, who founded Ubuntu MATE in 2014, announced he is stepping down from the project. "I don't have the passion for the project that I once had. When I have time to tinker, my interests are elsewhere," Wimpress wrote. Ubuntu MATE did not apply for LTS qualification for 26.04, meaning there will be no Ubuntu MATE 26.04 LTS release. A standard (non-LTS) 26.04 version may still ship, but without extended support. The project is actively seeking new maintainers to take over key responsibilities.
• Source: Linuxiac | OMG! Ubuntu

🐧 Linux News

Linux Crosses 5% Steam Market Share for the First Time, Reaches 5.33%

• Valve's March 2026 Steam Hardware and Software Survey shows Linux at 5.33% of the total user base, a 3.10% monthly increase and the first time Linux has crossed the 5% threshold. SteamOS accounts for 24.48% of the Linux install base and is the primary driver of the surge. Linux's share is now more than double macOS at 2.35% (up 1.19%). Windows declined 4.28% to 92.33%, with heavy migration from Windows 10 (25.36%, down ~15%) to Windows 11 (66.85%, up 10.57%). The Proton compatibility layer and continued SteamOS/Steam Deck adoption are driving the shift.
• Source: KitGuru | XDA Developers

Linux 7.0 Release Window: rc7 Expected This Weekend, Stable April 12 or 19

• Linux 7.0-rc7 is expected this weekend (April 5-6). Networking fixes for rc7 shipped April 2, resolving a long-standing Qualcomm Ath11k/Ath12k WiFi throughput bug present since 2019. If Torvalds judges rc7 sufficient, stable Linux 7.0 releases April 12. An rc8 would push it to April 19. Ubuntu 26.04 LTS (April 23) and Fedora 44 (April 14) both depend on this timeline. Torvalds' rc6 release (March 29) carried unusually high fix volume for that stage. His exact comment: "It turns out that rc5 finally starting to calm things down this release cycle was a mirage, with rc6 we're back to many more fixes than are normal for this time." He attributes part of the earlier heavy activity to psychological energization around the "7.0" version milestone. Dominant rc6 fix categories: EXT4 filesystem corrections, x86 virtualization fixes for Intel TDX and AMD SEV-SNP confidential computing, an unusually high volume of audio hardware quirks (laptop-specific workarounds across multiple vendors), and XFS updates. Torvalds characterizes most changes as "small and benign" and does not plan to extend the release cycle, but sustained patch volume makes April 19 increasingly likely.
• Source: Phoronix| 9to5Linux

sched_ext Roadmap: GPU Awareness, Energy-Aware Abstractions, Composable Schedulers

• Andrea Righi of NVIDIA shared the sched_ext development roadmap for 2026. Planned features include GPU-aware scheduling for GPU-bound workloads (via scx_layered API changes), energy-aware abstractions exposing the kernel's Energy Model to BPF programs via a new netlink interface, hierarchical schedulers, composable scheduler designs, Rust reimplementation of some C code paths, and BPF hot-path optimizations. The LAVD scheduler, designed for latency and energy efficiency with an initial focus on gaming workloads, is a key beneficiary of the energy-aware work. These features target the Linux 7.1+ merge windows.
• Source: Phoronix

MX Linux Rejects Age Verification Requirements, Cites Privacy and Open Source Principles

• MX Linux publicly rejected implementing age verification at the operating system level in response to US legislation (California's AB 1043, effective January 2027, plus similar laws in Colorado and Illinois) that requires operating systems to implement age attestation during account setup. The MX Linux team stated they have "no intention of implementing such measures," citing privacy concerns, impracticality for non-commercial open source distributions, and conflict with open source principles. The team directed concerned users to "lobby your government representatives" rather than their distribution. Parrot Linux has taken a similar stance. The broader question of how these laws apply to non-commercial open source operating systems remains unresolved pending court challenges.
• Source: Linux Journal | Linuxiac

Arch Linux April 2026 ISO: Linux 6.19.10, systemd 260, Archinstall 4.1

• The Arch Linux ISO 2026.04.01 ships Linux 6.19.10 and systemd 260. Archinstall 4.1 follows the 4.0 release (March 30) that introduced the Textual TUI, firewalld zone support, LUKS whole-disk parameters, GRUB UKI entries, and dropped NTFS root filesystem support. The 4.1 point release (March 31) removes the NVIDIA proprietary driver (nvidia-dkms) option from the installer because nvidia-dkms is no longer in the Arch repositories. Galician language support was added.
• Source: Arch Linux

Artix Linux 2026.04: First Major Rolling-Release Distro to Ship XLibre as Default X Server

• Artix Linux ISO 2026.04.02 makes XLibre the default X server, making Artix the first major rolling-release distribution to do so in an official ISO. XLibre is a fork of X.org created by Enrico Weigelt (Metux IT Consult) in June 2025 after Red Hat's Wayland-first push left X.org without adequate maintenance. Current version: xlibre-xserver 25.1.2. Xorg remains installable manually. KDE Plasma offers a choice between Wayland or XLibre sessions. User service support improved for OpenRC and dinit init systems. ISO sizes range from 1,990 to 2,184 MB depending on desktop.
• Source: Linuxiac

CuerdOS 2.1 "Skycatcher": Debian-Based Distro Drops 4 Editions, Ships Linux 6.18.9

• CuerdOS 2.1, codenamed "Skycatcher," released April 2, 2026. The Spanish-origin Debian-based distribution ships Linux 6.18.9, enables UFW by default, and applies 124 vulnerability fixes via CuerdTools update. Four editions were dropped: Budgie, Cinnamon, LXQt, and MATE. Remaining editions: Plasma, Xfce, Sway, and LabWC. Waybar was redesigned for the Sway/LabWC variants. The Wasabi video player replaces both Celluloid and Haruna.
• Source: DistroWatch

Ubuntu 26.04 LTS: 6 GB RAM Requirement, PipeWire as Snap, GNOME 50 Wayland-Only

• Ubuntu 26.04 LTS (releasing April 23, 2026) raises minimum RAM to 6 GB (up from 4 GB in 24.04), the first RAM increase since 18.04 in 2018/2019. Ubuntu now exceeds Windows 11 on RAM requirements (6 GB vs 4 GB) but needs less disk (25 GB vs 64 GB). GNOME 50 (jumping four release cycles in one version) ships as a Wayland-only session and is a primary driver of the increased requirements. PipeWire is distributed as a Snap package in 26.04. Practical consequence: removing snapd breaks audio. This is the first Ubuntu LTS where a fully "de-snapped" system is not achievable without losing core functionality, a Snap lock-in angle that remains underreported.
• Source: Ubuntu Release Notes

🤓 I'll be cross-referencing CVSS scoring timelines against exploit release dates tonight, wondering why I do this to myself. Free to read every morning. Or go paid. Less than one regrettable vending machine coffee a month.

I'll see you next time.