Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
A threat actor used the open source security tool to breach CI/CD workflows and steal cloud credentials, SSH keys, and other ...
If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
Chainguard is racing to fix trust in AI-built software - here's how ...
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results