Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the ...

Chainguard is racing to fix trust in AI-built software - here's how ...

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...

GitHub is adding AI-powered security detections to its Code Security offering, aiming to catch more vulnerabilities across a ...

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks.

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.

Anthropic’s new auto mode for Claude Code lets AI execute tasks with fewer approvals, reflecting a broader shift toward more ...

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point to more attacks to come.

The exploit is now publicly available on GitHub, increasing the urgency for older iPhones and iPads to run the latest available iOS and iPadOS versions.