Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Vibe Coding Has A Massive Security Problem

Vibe coding apps ship with alarming security flaws. What founders need to know about AI-generated code vulnerabilities in ...

ClawSecure Outranks Google on Product Hunt as Demand for OpenClaw Security Surges

ClawSecure reached #2 Product of the Day with 1,498 users scanning OpenClaw agents in 24 hours, outranking Google ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

GitGuardian report shows 29 million secrets leaked on GitHub in 2025

AI code assistants are helping to leak more secrets than the Github baseline, with credentials the most at risk.

Pervaziv AI Launches Cortex 3.0 in Chrome, Edge and Firefox – World’s First Cross-Browser/IDE AI Coding & Security Agent

Cortex 3.0 delivers AI-powered code generation, vulnerability scanning, Enterprise AI & DevSecOps integrations, ...

GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub

GitGuardian, the security leader behind GitHub's most installed application, today released the 5th edition of its “ State of ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.