Trivy supply-chain attack spreads to Docker, GitHub repos

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

TeamPCP hackers deface Aqua Security's internal GitHub

Aqua Security is scrambling to recover from supply chain attacks that first compromised the vendor's Trivy vulnerability ...
Blockonomi

OpenClaw Developers Hit by GitHub Phishing Campaign Designed to Drain Crypto Wallets

OX Security exposes a GitHub phishing campaign targeting OpenClaw developers with fake $CLAW airdrops and a cloned site built ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...

These fake GitHub "security alerts" could actually let hackers hijack your account

Security researchers spot new phishing campaign targeting GitHub users A fake "security alert" GitHub account was notifying ...
Threat Post

GitHub Prepares to Move Beyond Passwords

GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords. GitHub, the ubiquitous host for ...
Security

GitHub Advanced Security integrates Endor Labs for end-to-end application security

Endor Labs today announced a critical partnership with GitHub, the platform for software developers to create and share code. In an environment where the number of Common Vulnerabilities and Exposures ...
InfoWorld

GitHub to unbundle Advanced Security

GitHub Secret Protection and GitHub Code Security will extend access to advanced code and secret scanning to organizations of all sizes. GitHub announced plans to unbundle its GitHub Advanced Security ...