Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
GitHub

pid_scan_20260316_084742.csv

SUMMARY,scanned=1536,hits_OK=231,conditional_NR22=0,other=51,, ...
Lehigh Valley Live

Dear Annie: My cousins turned my home into their personal party resort

Dear Annie: I adore my cousins, I really do. We grew up together, and when they suggested coming to stay with us for a long weekend, I was genuinely excited. I pictured late-night laughs, good meals, ...
Bleeping Computer

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. Secret scanners are specialized utilities that ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
Bleeping Computer

New 'Zombie ZIP' technique lets malware slip past security tools

Update: Article updated with comments from security researchers who believe this should not be considered a vulnerability. Update 2: CERT has retracted its bulletin and MITRE has rejected the CVE on ...
SecurityWeek

OpenAI Rolls Out Codex Security Vulnerability Scanner

Codex Security, formerly Aardvark⁠, has found hundreds of critical vulnerabilities in tested software in the past month. OpenAI is rolling out a new AI-powered software vulnerability scanner that the ...