Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

AI Supply Chain Attacks: Why Digital Trust Is Now A Boardroom Priority

Organizations that invest early in AI integrity will be better positioned to meet evolving compliance requirements.
The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.
GovCon Wire

The Cybersecurity Challenges of the Supply Chain: Navigating Risks in a Hyper-Connected, Emerging-Tech World

In the current digital environment, supply chains are essential to national security, vital infrastructure and international trade. They have, however, also emerged as one of the most often used ...
Tech.co

Jaguar Land Rover Cyberattack Has Crippled the Supply Chain

A cyberattack on Jaguar Land Rover in late August has had a serious impact on the automotive supply chain in the UK. There has been a significant cyberattack on Jaguar Land Rover that is having a ...