The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

Open Wallet Standard launches with 21 firms enabling secure local key storage and multi chain signing for AI agents.

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.

Unlike Nvidia's earlier Grace processors, which were primarily sold as companions to GPUs, Vera is positioned as a ...

LiteLLM, a widely used AI developer tool, was hit by a supply chain attack through a malicious PyPI release. The malware stole credentials, spread across systems, and crashed machines. The incident ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...

An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser.

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Earlier this year, Google expanded its AI-powered search summaries to Gmail, giving users a quicker way to find relevant information in their inbox. Now, the company is bringing AI Overviews to Google ...

Nicole Charky-Chami is a senior editor based in Los Angeles, writing and producing breaking news. She teaches journalism courses for UCLA Extension and previously taught at Loyola Marymount University ...