Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

Scanning That QR Code Can Leave You Vulnerable. Here’s How to Protect Yourself

But QR codes can also leave you vulnerable. That’s because scammers, organized criminal gangs, and shady nation-states are ...

Who loves QR codes? Scammers, that's who, according to the FBI, FTC and others

Scammers are using QR codes to trick people into paying them. Methods include sticking scam codes over legit ones on parking kiosks for example, or sending anonymous packages with QR codes.

Watch what you scan: Quishing attacks are on the rise

In quishing attacks, cybercriminals place QR codes containing malicious links in public places, such as parking meters or ...

The FBI Warns Americans To Avoid Scanning These QR Codes

QR codes have become an everyday occurrence for a lot of things we encounter, but multiple federal agencies are urging ...

This Cheap Harbor Freight Gadgets Turns Your Phone Into An OBDII Code Reader

When mysterious lights start appearing on your car's dashboard, an affordable OBD2 dongle can help you diagnose and fix problems.
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Digital Accelerant Introduces Executive Impact Generator™ to Turn QR Code Scans Into Lead Magnets

New AI-powered feature gives professionals a compelling reason to scan their Video Business Cards™ by instantly ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.