Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
InfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A major security incident affecting the widely used open source vulnerability scanner Trivy has exposed critical weaknesses ...
dbta

Aqua Security Unveils Trivy Partner Connect to Boost Open Source Security Scanning

Aqua Security, a pioneer in cloud native security and the primary maintainer of Aqua Trivy, is launching the Trivy Partner Connect Program, expanding the commercial ecosystem around Trivy, an open ...
Dark Reading

DARPA: Closing the Open Source Security Gap With AI

Open source components continue to cause huge problems for security practitioners, and AIxCC was created to determine whether automation could help close the gap. At DEF CON 33, DARPA announced the ...
The Next Web

Hackers breached the European Commission by poisoning the security tool it used to protect itself

CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in ...
Computer Weekly

Sysdig launches open source cloud security community

The latest trends and issues around the use of open source software in the enterprise. Sysdig is on a mission. That mission is one designed to unite millions of cloud security professionals and ...
InfoWorld

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

Pervasive, evasive malware thought to have been eliminated has wormed its way back into development environments. Just a little over two weeks after GlassWorm was declared “fully contained and closed” ...