CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Securing the Code Factory: Why SDLC Infrastructure Has Become a Core Cloud Risk

For years, software security focused on the final product: the code that ships. Today, attackers are increasingly targeting ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

Anthropic just shipped an OpenClaw killer called Claude Code Channels, letting you message it over Telegram and Discord

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the open-source movement—multi-channel support and long-term memory ...

Keycard Releases Runtime Governance for Autonomous Coding Agents

Keycard, the provider of identity and access for AI agents, today released Keycard for Coding Agents, giving security and ...
TMCnet

Boost Security Launches Developer Endpoint Security to Secure AI-Driven Software Development at the Source

Boost Security today announced Boost Security Developer Endpoint Security, a new platform designed to secure the rapidly expanding attack surface created by AI-powered software development. The ...

Security Policy Is Already Code—We Just Don’t Treat It That Way

As cloud infrastructure scales, organizations must move toward systems where policy automatically corrects misconfigurations ...
Hackaday

Forgetfulino Puts Back Up Of Source Inside The Binary

How often have you pulled out old MCU-based project that still works fine, but you have no idea where the original source ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

ActiveState Launches Curated Catalogs to Neutralize Security Risks in AI-Generated Code

New private repository secures the AI-driven development boom by grounding LLMs in a library of 79 million vetted, rebuilt-from-source components VANCOUVER, BC, March 17, 2026 /PRNewswire/ -- ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...