Dark Reading

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor used the open source security tool to breach CI/CD workflows and steal cloud credentials, SSH keys, and other ...

Trivy supply-chain attack spreads to Docker, GitHub repos

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...
Hosted on MSN

Software supply chain attacks pose huge dangers - here's how to bolster your defenses

65% of organizations faced supply chain attacks in the past year GenAI adoption worsens risks; only 24% analyze AI-generated code for security or IP issues Compliance and continuous automation improve ...

AI Supply Chain Attacks: Why Digital Trust Is Now A Boardroom Priority

Organizations that invest early in AI integrity will be better positioned to meet evolving compliance requirements.
Eagle-Tribune

DigiCert Joins NIST Effort to Boost Software Supply Chain and DevSecOps Security

Lehi, Utah, Aug. 14, 2025 (GLOBE NEWSWIRE) -- DigiCert, a leading global provider of digital trust, today announced its participation in the National Institute of Standards and Technology (NIST) ...