Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
A massive, self-replicating GlassWorm supply-chain attack has compromised hundreds of code repositories and extensions on ...
BuddyBoss was compromised in an ongoing supply chain attack that deployed malicious updates to over 300 WordPress sites, stealing credentials and financial keys.
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.
Tom's Hardware on MSN
Invisible malicious code attacks 151 GitHub repos and VS Code
The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...
The Trivy supply chain compromise gave attackers a way to deliver malicious infostealer code. Learn how it happened and ...
Threat actors compromised the Open VSX Registry on January 30, 2026, pushing malicious updates to four trusted VS Code extensions with over 22,000 combined downloads. The attack targeted macOS ...
Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results