Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
GitHub

SAP Skills for Claude Code

Production-ready Claude Code plugins for SAP development. Each plugin provides context-aware skills that activate automatically when you work with SAP BTP, CAP, Fiori, ABAP, Analytics, and more. Note: ...

Fake Claude Code & OpenClaw AI Tools Delivering Data-Stealing Malware to Developers

Hackers are using fake Claude Code and OpenClaw downloads to spread data-stealing malware like Amatera and AMOS among developers.
WeLiveSecurity

EDR killers explained: Beyond the drivers

ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers.

New ‘Perseus’ Android malware checks user notes for secrets

A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery ...

Glassworm Malware Campaign Uses Invisible Code To Infect Hundreds Of GitHub Repos

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...
The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that ...
Microsoft

AI as tradecraft: How threat actors operationalize AI

Threat actors are operationalizing AI along the cyberattack lifecycle to accelerate tradecraft, abusing both intended model capabilities and jailbreaking techniques to bypass safeguards and perform ...
GitHub

An opinionated approach to productive development with Claude Code

You can select whether to take the interactive tutorial at the end of the installer. Its pretty quick and it will fully onboard you if you're new, using cc-sessions ...