Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

Iran-linked hackers restore website after US seizes domains

The website used by ​an Iranian government-linked hacking unit that claimed responsibility for a March 11 cyberattack on ‌a U.S. medical device maker is back up and running a day after the FBI and ...
PCMag

Man Used 373,000 Sites On Dark Web To Swindle Predators, Hackers

The 35-year-old suspect in China raked in an estimated $400,000 by creating a huge network of sites that dangled illegal material, but never delivered, investigators say.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

FBI seizes website tied to Iranian cyberattack on U.S. company

The Iran-linked hacking group had been quiet since causing significant disruptions to American medical company Stryker.
Infosecurity Magazine

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...

Justice Department seizes several websites it says spread terrorist propaganda

The Justice Department on Thursday seized several websites it says were used by Iran as part of “psychological operations” ...