Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

An industry effort to integrate Web application firewalls (WAFs) with vulnerability scanning tools never got off the ground when it was first launched five years ago, but today the idea of blending ...

Codex Security, formerly Aardvark⁠, has found hundreds of critical vulnerabilities in tested software in the past month.

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

As decentralized applications continue to grow in the blockchain environment, Smart Contract Vulnerability Scanning has become a core concept for building trust in decentralized finance and Web3.

Excerpted from "Scanning Reality: Limits of Automated Vulnerability Scanners," a new report posted today in Dark Reading's Vulnerability Management Tech Center. In some enterprises, the term ...

API vulnerability scanning and API penetration testing are both important methods for ensuring the security of an API, but they have distinct differences in terms of their scope, methodology and ...