Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...

ClawSecure: The Only Complete Security Solution for OpenClaw Agents

While competing tools address fragments of OpenClaw security, ClawSecure is the only platform combining scanning, ...

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static ...

OX Security Introduces the First Agentic Pentester to Link Exploits Directly to Code

OX Security today announced OX Agentic Pentester, a continuous penetration testing capability powered by agentic AI that validates real-world exploitability and connects each verified exposure ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
Cyber Daily

Code security platform Trivy compromised by malicious packages

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.