Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the ...

How do you secure AI coding assistants in real software teams? This practical guide covers least privilege, secrets handling, approvals, sandboxing, and rollout controls.

One of the most popular ways to view the Epstein Files, an interface called Jmail that mimics a Gmail inbox, is hosted on ...

A new $12.5M funding effort led by Google aims to boost open-source security, accelerate patching, and defend against ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...