Security Boulevard

An Evolving GlassWorm Malware is Making the Rounds of Code Repositories

GlassWorm is evolving. Security researchers say the malware, which infiltrates code repositories with malicious extensions, can now deploy a RAT, is targeting MCP servers, and has a new way of moving ...

Built to scale: Industrial contracting in Greater Baton Rouge

Eight Baton Rouge-based industrial contractors rank in the nation's top 20, including four of the top five. Here's how a city ...

Canadian defence-procurement agency expected to reduce $100-million contract minimum

Changes likely to take effect when the Defence Investment Agency becomes its own stand-alone entity, Stephen Fuhr says ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
Payload Asia

DHL Express and SHEIN sign GoGreen Plus agreement to advance more sustainable logistics in cross-border E-commerce

Amy Yang, Global Head of Channel Logistics, SHEIN; Ethan Shen, Global Head of Supply Chain Logisitcs & Fulfilment, SHEIN; ...
WinBuzzer

DarkSword iOS Exploit Leaks on GitHub, Threatens Millions

A government-grade iOS exploit kit called DarkSword has been leaked on GitHub, putting hundreds of millions of iPhones ...
Payload Asia

DHL Express partners Malaysia Aviation Group to reduce greenhouse gas emissions using sustainable aviation fuel

Julian Neo, Managing Director of DHL Express Malaysia and Brunei, and Philip See, Group Chief Sustainability Officer, ...
Cyber Daily

Government proposes 5 changes to SOCI Act in overhaul of ministerial directions powers

A newly released consultation paper suggests “targeted reforms” such as disclosure delays and restrictions on “high-risk ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...