Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is racing to fix trust in AI-built software - here's how ...

ClawSecure Outranks Google on Product Hunt as Demand for OpenClaw Security Surges

ClawSecure reached #2 Product of the Day with 1,498 users scanning OpenClaw agents in 24 hours, outranking Google ...
TMCnet

Keycard Releases Runtime Governance for Autonomous Coding Agents

Keycard, the provider of identity and access for AI agents, today released Keycard for Coding Agents, giving security and ...
Computer Weekly

Boost Security fires turbo into developer security to secure AI-driven programming

Boost Security Developer Endpoint Security has been engineered to address this gap by securing the developer environment directly, embedding protection into the tools, agents and workflows where code ...
TMCnet

Boost Security Launches Developer Endpoint Security to Secure AI-Driven Software Development at the Source

Boost Security today announced Boost Security Developer Endpoint Security, a new platform designed to secure the rapidly expanding attack surface created by AI-powered software development. The ...

ActiveState Launches Curated Catalogs to Neutralize Security Risks in AI-Generated Code

New private repository secures the AI-driven development boom by grounding LLMs in a library of 79 million vetted, rebuilt-from-source components VANCOUVER, BC, March 17, 2026 /PRNewswire/ -- ...

OpenAI reportedly developing internal code repository following GitHub outages

OpenAI reportedly developing internal code repository following GitHub outages ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...