Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
Bored Panda on MSN

73 things people revealed after their NDAs expired

It’s quite likely that, at some point in time, you were asked to keep a secret at work. You may have even signed a ...

When Today's Network Encryption Becomes Tomorrow's Liability

Network encryption was designed for a world in which adversaries needed to break cryptography in real time to extract value.
Opinion

Today’s Encryption Is Flawed Obfuscation

Today, threat actors are quietly collecting data, waiting for the day when that information can be cracked with future technology.
Infosecurity Magazine

EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts

A new EtherRAT malware campaign using Ethereum smart contracts to hide command-and-control (C2) infrastructure has been ...