Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

Reports about Android malware infecting devices aren't all that new. There are scrapers, trojans, spyware, adware, and more, ...

Built on Semgrep Workflows, a new framework for autonomous code security, Semgrep Multimodal finds 8x more true positives while cutting noise by 50% compared to foundation models aloneSAN ...

As AI systems grow more autonomous, observability becomes essential. Learn how visibility into AI behavior helps detect risk and strengthen secure development.

Apple has released important updates for older iPhones and iPads that do not run the newer versions of iOS and iPadOS. These updates include security patches to counter a dangerous exploit kit, that ...

Hackers can change a single byte to insert malware undetected, posing as an apparently corrupted ZIP file dubbed Zombie Zip.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

OpenAI unveiled Codex Security on Friday, an advanced application security tool that detects complex software vulnerabilities. Available in research preview to ChatGPT Enterprise, Business, and Edu ...

Abstract: Modern Python applications heavily rely on third-party libraries (TPLs), which can introduce security risks when vulnerabilities in these libraries silently propagate into client code.

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...