Trivy supply-chain attack spreads to Docker, GitHub repos

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images ...
Cyber Defense Magazine

AI Is Writing Your Code. But Who Is Securing It?

AI coding assistants have unleashed new superpowers for developers, with the likes of GitHub Copilot, Cursor’s AI code editor ...
Krebs on Security

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm ...
Visual Studio Magazine

Visual Studio Code 1.112 Adds Integrated Browser Debugging, More Copilot CLI Control

Visual Studio Code 1.112, released March 18, expands Copilot agent autonomy, adds MCP server sandboxing on macOS and Linux, enables in-editor web app debugging, and broadens monorepo support for agent ...
TMCnet

OX Security Announces Integration with Tenable to Close the Cloud-to-Code Gap

OX Security today announced a new integration with Tenable, the exposure management company, designed to eliminate fragmented ...
Mid-Day

Hassan Taher on 5 AI Models To Use For Coding in 2026

Software development teams have absorbed AI coding tools faster than almost any other professional group. GitHub Copilot crossed one million paid users within months of its 2022 launch. Today the ...

Over 29 million secrets were leaked on GitHub in 2025, and AI really isn't helping

This is according to GitGuardian’s latest report, the “State of Secrets Sprawl” paper that was just released. In the research ...

Fake AI Developer Tools Are Distributing Amatera and AMOS Malware

Hackers are using malvertising campaigns to disguise infostealers as AI tools.

TeamPCP hackers deface Aqua Security's internal GitHub

Aqua Security is scrambling to recover from supply chain attacks that first compromised the vendor's Trivy vulnerability ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...