Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Pervaziv AI Releases AI Code Review 2.0 GitHub Action for Repository-Wide Security Scanning and AI-Powered Remediation

New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
NewsBytes

Claude Code Review can now scan your GitHub pull requests

Anthropic's new Claude Code Review tool uses artificial intelligence to scrutinize pull requests for bugs and potential ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

Over 29 million secrets were leaked on GitHub in 2025, and AI really isn't helping

This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was just released. In the research ...

GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub

GitGuardian, the security leader behind GitHub's most installed application, today released the 5th edition of its “ State of ...
HHS

Why Claude Code Security Has Shaken the Cybersecurity Market

The debut of Claude Code Security brought Anthropic into direct competition with the biggest pure-play cybersecurity vendors in the world, and investors have noticed ...