Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
The Hacker News

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk ...

Popular Chrome extension "Save Image as Type" was hijacked, impacting over 1 million users

Google delisted the image conversion tool earlier this month, but not before it had likely been modifying thousands of users' browsers for several weeks. The group ...