Trivy security tool compromised in major supply-chain attack

Researchers determined that the attackers gained access through previously stolen credentials from an earlier March breach.

Latest Security News

View Archive →

Security News

Police dismantle over 370K fake dark web sites offering CSAM and CaaS

The sites were part of a large-scale scam that advertised fake CSAM u201cpackages,u201d as well as other cybercrime services.

March 23, 2026 3 min read

Security News

Russian intelligence targeting Signal and WhatsApp in phishing campaigns

The attacks do not break end-to-end encryption but instead rely on account hijacking techniques.

March 23, 2026 3 min read

Security News

Cyber Security Week in Review: March 20, 2026

In brief: Threat actors are exploiting Zimbra, MS SharePoint and WingFTP flaws, police disrupt the Aisuru, KimWolf, JackSkid and Mossad botnets, and more.

March 20, 2026 15 min read

Security News

New DarkSword exploit kit targets iPhones, steals crypto and personal data

DarkSword leverages six known vulnerabilities to gain deep access to compromised devices.

🕒 March 19, 2026 • 4 min read

Security News

Interlock ransomware gang exploits Cisco firewall zero-day in targeted attacks

Interlock had been abusing the flaw as a zero-day issue in real-world attacks as early as January 26.

🕒 March 19, 2026 • 3 min read

Security News

GlassWorm supply-chain attack expands across GitHub, npm, and VSCode

Attackers gained initial access by compromising GitHub accounts and force-pushing malicious commits into existing projects.

🕒 March 18, 2026 • 2 min read

Trivy security tool compromised in major supply-chain attack

Latest Security News

Police dismantle over 370K fake dark web sites offering CSAM and CaaS

Russian intelligence targeting Signal and WhatsApp in phishing campaigns

Cyber Security Week in Review: March 20, 2026

New DarkSword exploit kit targets iPhones, steals crypto and personal data

Interlock ransomware gang exploits Cisco firewall zero-day in targeted attacks

GlassWorm supply-chain attack expands across GitHub, npm, and VSCode

Please verify you're human