Search
Login
Register
Menu
HOME
Current Articles
|
Archives
|
Search
21
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Master Code Fu
posted on March 21, 2026 10:19
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
21
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Master Code Fu
posted on March 21, 2026 10:19
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
21
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Master Code Fu
posted on March 21, 2026 10:19
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
21
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Master Code Fu
posted on March 21, 2026 10:19
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. "The POST /api/v1
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
21
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Master Code Fu
posted on March 21, 2026 10:19
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
Page 1 of 10
First
Previous
[1]
2
3
4
5
6
7
8
9
10
Next
Last