Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.

The Trivy supply chain compromise gave attackers a way to deliver malicious infostealer code. Learn how it happened and ...

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. Secret scanners are specialized utilities that ...

Open-source dependencies introduce hidden risks, from transitive vulnerabilities to supply chain attacks. Learn how to reduce ...

Israeli cybersecurity startup Seal Cybersecurity Solutions Inc. today revealed that it has raised $13 million in new funding to accelerate its go-to-market efforts and expand its core vulnerability ...

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.

Open-source projects form much of the foundation of modern software, with many systems used in the industry relying on code ...