Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

Pervaziv AI Launches Cortex 3.0 in Chrome, Edge and Firefox – World’s First Cross-Browser/IDE AI Coding & Security Agent

Cortex 3.0 delivers AI-powered code generation, vulnerability scanning, Enterprise AI & DevSecOps integrations, ...

Over 29 million secrets were leaked on GitHub in 2025, and AI really isn't helping

This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was just released. In the research ...

Vibe Coding Has A Massive Security Problem

Vibe coding apps ship with alarming security flaws. What founders need to know about AI-generated code vulnerabilities in ...

GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub

GitGuardian, the security leader behind GitHub's most installed application, today released the 5th edition of its “ State of ...
SecurityWeek

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

Suman Basak: The Engineer Building AI Agents That Write, Secure, and Fix Code - Before Humans Even Review It

Suman Basak's multi-agent AI system automates secure software development, reducing vulnerability remediation time by 96.5% ...