Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Trivy安全扫描器GitHub Actions遭攻击,标签被劫持窃取CI/CD机密

Trivy是Aqua Security维护的一款热门开源漏洞扫描器,在一个月内第二次遭到攻击,恶意软件窃取了敏感的CI/CD机密信息。 最新事件影响了GitHub Actions中的"aquasecurity/trivy-action"和"aquasecurity/setup-trivy",这两个工具分别用于扫描Docker容器镜像漏洞和在GitHub Actions工作流中设置特定版本的扫描器。
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
腾讯网

【深度长文】从“会聊天”到“能干活”:OpenClaw架构深度拆解与 ...

作者 | 彭靖田在过去的一年里,我们被各种大模型的“闲聊”能力所震撼,但当激情褪去,企业和开发者面临的真正拷问是:它到底能不能替我干活?为了回馈大家的硬核学习热情,以及未能参与直播的朋友,我决定将昨天的直播精华内容,深度精编为 5 ...
腾讯网

Trivy安全扫描器GitHub Actions遭攻击,75个标签被劫持窃取CI/CD机密

Trivy是Aqua Security维护的一款热门开源漏洞扫描器,在一个月内第二次遭到攻击,恶意软件窃取了敏感的CI/CD机密信息。 最新事件影响了GitHub ...