CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
Infosecurity Magazine

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...
Wired

A $10K Bounty Awaits Anyone Who Can Hack Ring Cameras to Stop Sharing Data With Amazon

The Fulu Foundation, a nonprofit that pays out bounties for removing user-hostile features, is hunting for a way to keep Ring cameras from sending data to Amazon—without breaking the hardware. The ad ...
PC World

Fake CAPTCHA pages are tricking users into installing malware

PCWorld reports that hackers are using fake CAPTCHA pages to trick users into installing malware through deceptive keyboard shortcuts. The scam instructs users to press Windows key + R, Ctrl + V, and ...
siliconera

.hack Character Plush Merchandise Returns

Following CyberConnect2 announcing the return of the .hack series with a new game, it also brought back character merchandise from games and anime adaptations in the form of plush toys. While there’s ...
Polygon

Classic RPG franchise returns with new game after 14 years

Fourteen years after the last titles in the .hack series, CyberConnect2 is celebrating the studio's 30th anniversary by unveiling .hack//Z.E.R.O., also known as "Project Dusk." With no release date ...
Ars Technica

Archive.today CAPTCHA page executes DDoS; Wikipedia considers banning site

Wikipedia editors are discussing whether to blacklist Archive.today because the archive site was used to direct a distributed denial of service (DDoS) attack against a blogger who wrote a post in 2023 ...
TweakTown

Notepad++ hack detailed - and what to do if you think you might be affected

TL;DR: Notepad++ was compromised for six months, but it wasn't the software itself which the exploit leveraged, but its hosting provider. An investigation into the attack has just been concluded with ...
TechCrunch

Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach

Fintech firm Marquis told customers that it plans to seek compensation from its firewall provider after blaming the company for a breach that allowed hackers to steal its customers’ personal and ...