Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...
Security Boulevard

Trivy Scanner Compromise Explained and What it Means For Your SaaS and CI/CD Security

The Trivy supply chain compromise gave attackers a way to deliver malicious infostealer code. Learn how it happened and ...

ClawSecure: The Only Complete Security Solution for OpenClaw Agents

While competing tools address fragments of OpenClaw security, ClawSecure is the only platform combining scanning, ...
Cyber Daily

Code security platform Trivy compromised by malicious packages

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.
Bleeping Computer

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two ...

Pervaziv AI Releases AI Code Review 2.0 GitHub Action for Repository-Wide Security Scanning and AI-Powered Remediation

New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...
Forbes

Security Of Enterprise Code: What Companies Using Open-Source Software Should Know About Binary Code Verification

Nowadays, there is a universe of open-source projects consisting of code, libraries and binaries from different sources. The open-source code and binaries are freely available from public repositories ...