Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Dark Reading

Attackers Hide Infostealer in Copyright Infringement Notices

A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Dark Reading

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as ...
Analytics Insight

PDF vs CSV Financial Data Extraction: Choosing the Right Approach

If you’re wrangling financial data, the choice between PDF and CSV formats can seriously impact your workflow. PDFs look ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...

Termite ransomware breaches linked to ClickFix CastleRAT attacks

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
TechJuice

GlassWorm Malware Silently Infects Hundreds of Python Projects

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...

Fake job applications pack malware that kills endpoint detection before stealing data

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses A Russian-speaking cyber criminal ...
eWeek

Canon Dumps Perimeter Security for Vera’s Data-centric Approach

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...