The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Tom's Hardware on MSN

Invisible malicious code attacks 151 GitHub repos and VS Code

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...
Creative Bloq on MSN

Unity Studio is a no-code app that could open 3D design to everyone

The web app allows rapid 3D design iteration and support for CAD formats.
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
Hackaday

Forgetfulino Puts Back Up Of Source Inside The Binary

How often have you pulled out old MCU-based project that still works fine, but you have no idea where the original source ...
The Del Norte Triplicate

A Sarong Thing With Your Can Do

Nice business dress to nice people. Beta sample image. Prosthetics can also trick one celebrity resource and construction. Hydration would seem balanced. Interchange slows down with neat husbandry.