‘If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
CTI-REALM is Microsoft’s open-source benchmark that evaluates AI agents on real-world detection engineering. It measures whether an agent can take cyber threat intelligence (CTI) and produce validated ...
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
Reports about Android malware infecting devices aren't all that new. There are scrapers, trojans, spyware, adware, and more, ...
Built on Semgrep Workflows, a new framework for autonomous code security, Semgrep Multimodal finds 8x more true positives while cutting noise by 50% compared to foundation models alone SAN ...
Apple has released important updates for older iPhones and iPads that do not run the newer versions of iOS and iPadOS. These updates include security patches to counter a dangerous exploit kit, that ...
Hackers can change a single byte to insert malware undetected, posing as an apparently corrupted ZIP file dubbed Zombie Zip.
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
OpenAI launches Codex security vulnerability scanner
OpenAI unveiled Codex Security on Friday, an advanced application security tool that detects complex software vulnerabilities. Available in research preview to ChatGPT Enterprise, Business, and Edu ...
Abstract: Modern Python applications heavily rely on third-party libraries (TPLs), which can introduce security risks when vulnerabilities in these libraries silently propagate into client code.