Tag: supply-chain
-
US Bans New Foreign-Made Routers, Citing ‘Unacceptable’ Security Risks
The FCC bans new foreign-made routers over national security risks, a move that could reshape the US tech supply chain and impact pricing and availability. The post US Bans New Foreign-Made Routers, Citing ‘Unacceptable’ Security Risks appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fcc-bans-foreign-made-routers-national-security/
-
The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond
Tags: supply-chain<div cla The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-trivy-supply-chain-compromise-what-happened-and-playbooks-to-respond/
-
US FCC Targets Foreign Routers in Supply-Chain Crackdown
New Rule Blocks Approval of Foreign Routers Without Federal Clearance. The FCC acted on a White House security determination and announced a block on new foreign-made routers from entering U.S. markets – unless vendors meet strict national security reviews, citing their role in state-linked cyber campaigns and risks to U.S. network edge infrastructure. First seen…
-
Understanding Wiz’s Approach to Securing the AI Supply Chain
As organizations race to deploy AI, securing the rapidly expanding ecosystem of models, data, and dependencies has become a critical priority, much of which can be addressed by Wiz’s CNAPP solution. First seen on hackread.com Jump to article: hackread.com/understanding-wizs-approach-securing-ai-supply-chain/
-
Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty
The choice to ban all foreign-made routers instead of targeting known risks could create legal and supply chain disruptions with unclear national security returns. First seen on cyberscoop.com Jump to article: cyberscoop.com/fcc-bans-foreign-routers-critics-warn-about-supply-chain/
-
Introducing the Identity and Access Gaps in the Age of Autonomous AI Survey Report
2 min readThe Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/introducing-the-identity-and-access-gaps-in-the-age-of-autonomous-ai-survey-report/
-
Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/
-
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack.The workflows, both maintained by the supply chain security company Checkmarx, are listed below -checkmarx/ast-github-actioncheckmarx/kics-github-actionCloud security First seen on thehackernews.com Jump to article:…
-
NSFOCUS Threat Intelligence: Building an OpenClaw Defense System with Multiple-Layer Protection
In 2026, AI agents are being widely used. OpenClaw has become a high-frequency efficiency improvement tool for enterprises and developers with its autonomous decision-making and local execution capabilities. However, several authoritative security agencies have recently issued warnings: OpenClaw is facing multi-dimensional security threats from supply chain poisoning to remote control. When internal employees privately deploy…The…
-
Microsoft Unveils New GenAI Security Protections in Azure AI Foundry
Microsoft has outlined a new set of security safeguards designed to protect generative AI models hosted on Azure AI Foundry, as organizations increasingly adopt advanced AI systems into critical workflows. The move comes amid rapid growth in generative AI capabilities, where new models are released frequently, raising concerns about trust, data security, and supply chain…
-
New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper
CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload. First seen on hackread.com Jump to article: hackread.com/canisterworm-kubernetes-clusters-kamikaze-wiper/
-
Trivy Supply Chain Attack Targets CI/CD Secrets
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/trivy-supply-chain-attack-targets-ci-cd-secrets
-
The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity
6 min readThe Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity/
-
Trivy supply-chain attack spreads to Docker, GitHub repos
The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company’s GitHub organization to tamper with dozens of repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-supply-chain-attack-spreads-to-docker-github-repos/
-
Trivy Scanner Compromise Explained and What it Means For Your SaaS and CI/CD Security
The Trivy supply chain compromise gave attackers a way to deliver malicious infostealer code. Learn how it happened and required remediation steps to audit your environment. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/trivy-scanner-compromise-explained-and-what-it-means-for-your-saas-and-ci-cd-security/
-
44 Aqua Security repositories defaced after Trivy supply chain breach
Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.40.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…
-
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/trivy-supply-chain-attack-expands/
-
âš¡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks.…
-
âš¡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks.…
-
Supply-Chain-Attacke: Trivy-Scanner und 140 NPM-Pakete kompromittiert
Ein Angreifer hat Malware in den Schwachstellenscanner Trivy sowie über 140 NPM-Pakete eingeschleust. Er sammelt Daten und richtet Backdoors ein. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-attacke-trivy-scanner-und-140-npm-pakete-kompromittiert-2603-206808.html
-
Why US companies must be ready for quantum by 2030: A practical roadmap
Tags: api, backup, control, crypto, cryptography, data, encryption, endpoint, firmware, government, identity, infrastructure, ml, nist, risk, service, software, strategy, supply-chain, update, vpn“Harvest now, decrypt later” is not theoretical. If an attacker steals encrypted session captures or archived backups, the confidentiality loss happens the day quantum-capable decryption becomes practical. Your risk horizon is set by the shelf life of your data, not the arrival date of a quantum computer.Government and critical infrastructure guidance are converging. The National…
-
Why US companies must be ready for quantum by 2030: A practical roadmap
Tags: api, backup, control, crypto, cryptography, data, encryption, endpoint, firmware, government, identity, infrastructure, ml, nist, risk, service, software, strategy, supply-chain, update, vpn“Harvest now, decrypt later” is not theoretical. If an attacker steals encrypted session captures or archived backups, the confidentiality loss happens the day quantum-capable decryption becomes practical. Your risk horizon is set by the shelf life of your data, not the arrival date of a quantum computer.Government and critical infrastructure guidance are converging. The National…
-
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.”New image tags 0.69.5 and…
-
CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens
A highly automated npm supply chain campaign, dubbed “CanisterWorm,” in which threat actors steal npm access tokens and weaponize legitimate publisher accounts at scale. The group, tracked as “TeamPCP,” has compromised trusted namespaces including @emilgroup and @teale.io, pushing new SDK versions that silently deploy a persistent backdoor and then self-spread across every package the victim…
-
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/
-
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/
-
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials
Tags: attack, breach, credentials, cyber, github, malicious, security-incident, supply-chain, vulnerabilityA highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month following a prior credential theft. Attackers effectively hijacked 75 out of 76 version tags, transforming…
-
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials
Tags: attack, breach, credentials, cyber, github, malicious, security-incident, supply-chain, vulnerabilityA highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month following a prior credential theft. Attackers effectively hijacked 75 out of 76 version tags, transforming…
-
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.The name is a reference to the fact that the malware uses an ICP canister,…