Trivy Supply Chain Attack Targets CI/CD Secrets
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust.
The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.
Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.
Permiso Security announced Cloud Console Cartographer during Black Hat Asia to help defenders look inside Amazon Web Services events logs for signs of cyberattacks.
The open-source tool from Permiso can help security teams identify threat actors lurking within their AWS and Azure environments.
The open source object storage service was the target of a never-before-seen attack on corporate cloud services, which researchers said should put DevOps in particular on notice.
The four finalists in the startup competition tackled problems in firmware security, cloud infrastructure, open source software, and vulnerability remediation.
Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.
The startup's software helps organizations secure their containers in the cloud by teasing out which packages are running and which are vulnerable.
The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments.
Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.
When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.
Open source tools by Spyderbat address the needs of Platform Engineering and DevOps teams by delivering new insights to workload activities and behaviors.
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.
New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.
The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization's cloud infrastructure.