Security Boulevard

Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions ...
SecurityWeek

RSAC 2026 Conference Announcements Summary (Pre-Event)

A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference. As hundreds of vendors ...
Dark Reading

Attackers Hide Infostealer in Copyright Infringement Notices

A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to ...

FBI says Iranian hackers are using Telegram to steal data in malware attacks

Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Arabian Post on MSN

Pyronut malware targets Telegram bot developers

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...
Techzine Europe

GlassWorm malware surfaces in development environments

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...
Security Boulevard

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a ...
Cybernews

Researcher discovers severe antivirus blind spot: corrupted ZIP files evade nearly all scanners

Hackers can change a single byte to insert malware undetected, posing as an apparently corrupted ZIP file dubbed Zombie Zip.
Lifehacker

This Scam Impersonates the Official Claude Code Website to Spread Malware

Emily Long is a freelance writer based in Salt Lake City. After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of ...