Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.
GitHub

A Python script that finds and removes duplicate files in Google Drive. Works with all three target types — My Drive, Shared Drives, and any specific subfolder — with full ...

The script detects which type it is automatically — no other config changes needed. On first run a browser window will open for authorization. After that, a token.json file is saved so you won't need ...
GitHub

developmentseed/action-python-security-auditing

Running bandit and pip-audit directly — or using the official focused actions (PyCQA/bandit-action and pypa/gh-action-pip-audit) — is a reasonable and common approach. Those tools and actions are fine ...