NanoClaw and Docker partner to make sandboxes the safest way for enterprises to deploy AI agents

Instead of one central AI system doing everything, the model emerging here is many bounded agents operating across teams, ...
The Hacker News

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Trivy supply chain attack pushed malicious Docker images on March 22, enabling credential theft and worm spread, impacting ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Hackaday

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
InfoWorld

Context Hub vulnerable to supply chain attacks, says tester

The new AI tool highlights the risk when developers point their bots at non-authoritative information sources, with ...

OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert

Six security teams shipped six OpenClaw defense tools in 14 days. Three attack surfaces survived: runtime semantic ...
Dark Reading

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor used the open source security tool to breach CI/CD workflows and steal cloud credentials, SSH keys, and other ...

Varnish Launches Artifact Firewall, Expands Orca for Kubernetes and AI Workloads

Runtime layer accelerates and governs software and AI artifacts across distributed Kubernetes environments. Artifact ...

Inside DockerGate: Using static analysis to rein in container permissions

VMPLNew Delhi [India], March 14: Modern software infrastructure increasingly relies on containers, yet the security assumptions that govern them remain surprisingly blunt. As Docker has become the ...