The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

Nvidia led a week of big AI moves, major security threats, app ecosystem changes, and tech industry shakeups across Apple, Google, Meta, Microsoft, and OpenAI.

Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to ...

A K-12 school safety and student well-being solutions provider that runs a tip-reporting platform has reportedly been hit by a major cyberattack. The breach may have exposed the personal information ...

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

Vibe coding apps ship with alarming security flaws. What founders need to know about AI-generated code vulnerabilities in ...

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

Semgrep, a leading code security company, today announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation.