Dark Reading

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor used the open source security tool to breach CI/CD workflows and steal cloud credentials, SSH keys, and other ...
The Hacker News

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Trivy supply chain attack pushed malicious Docker images on March 22, enabling credential theft and worm spread, impacting ...

Varnish Launches Artifact Firewall, Expands Orca for Kubernetes and AI Workloads

Runtime layer accelerates and governs software and AI artifacts across distributed Kubernetes environments. Artifact ...

NanoClaw and Docker partner to make sandboxes the safest way for enterprises to deploy AI agents

Instead of one central AI system doing everything, the model emerging here is many bounded agents operating across teams, ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Inside DockerGate: Using Static Analysis to Rein in Container Permissions

VMPLNew Delhi [India], March 14: Modern software infrastructure increasingly relies on containers, yet the security assumptions that govern them remain surprisingly blunt. As Docker has become the ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...

OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert

Six security teams shipped six OpenClaw defense tools in 14 days. Three attack surfaces survived: runtime semantic ...

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using ...