Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Securing the Code Factory: Why SDLC Infrastructure Has Become a Core Cloud Risk

For years, software security focused on the final product: the code that ships. Today, attackers are increasingly targeting ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Copilot account suspended; How to get it back!

Copilot account suspended? Why was my Copilot account suspended? How to get your suspended Copilot account back? These and ...
CoinDesk

OpenClaw developers targeted in GitHub phishing scam offering fake token airdrops

Attackers impersonate OpenClaw on GitHub, luring developers with bogus CLAW giveaways that trick users into connecting crypto ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...
BeInCrypto

OpenClaw Creator Warns of Crypto Phishing Wave: ‘We Would Never Do That’

OpenClaw's Peter Steinberger warns all crypto emails tied to the project are scams as fake $CLAW airdrops target GitHub devs.

GitGuardian report shows 29 million secrets leaked on GitHub in 2025

AI code assistants are helping to leak more secrets than the Github baseline, with credentials the most at risk.

SpecterOps adds Okta, GitHub and Mac coverage to BloodHound Enterprise platform

BloodHound Enterprise platform to cover Okta Inc., GitHub and Mac environments and introduced new OpenGraph extensions to map ...

JigsawML Launches Control Plane for AI-Generated Code as Engineering Teams Lose Visibility into What AI Agents Build

World's First Architectural Intelligence Platform Auto-Generates Interactive Architecture Diagrams from Code, Tracking Every AI-Written Change in Real Time BOSTON and SAN FRANCISCO, March 17, 2026 ...