The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

GitHub has released a host of third-party security tools for its just-launched code-scanning feature, which helps open-source projects nix security bugs before they hit production code. GitHub Code ...

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

GitHub has made its code scanning service generally available. Based on the CodeQL semantic code analysis technology acquired from Semmle, GitHub code scanning now can be enabled in users’ public ...

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...

One year after acquiring software security scanning specialist Semmle, and following a successful five-month beta process, GitHub is making its CodeQL code scanning capabilities available publicly, ...

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...