Trivy Supply Chain Attack Targets CI/CD Secrets
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
SSH enables encrypted remote access and administration, but weak credentials, exposed services, and misconfiguration can permit unauthorized access.
Search across headline titles and summaries.
Background for this topic.
SSH (Secure Shell) is a protocol for establishing a cryptographically protected connection to a remote computer. It supports interactive administration, command execution, file transfer, and related services such as port forwarding. SSH provides confidentiality and integrity for the session, while host keys help the client verify that it is connecting to the intended server.
Security depends on how SSH is deployed and how its credentials are managed. An internet-exposed service may attract password guessing, and vulnerable SSH implementations can provide an entry point; a stolen private key or an overly permissive authorized_keys entry may enable unauthorized access. Useful controls include timely patching, restricting network exposure, disabling password authentication where practical, protecting keys with strong passphrases or hardware-backed storage, limiting account privileges, and reviewing authentication logs. Administrators should verify host keys to reduce man-in-the-middle risk and promptly remove or rotate credentials during personnel changes or suspected compromise.
Weekly headline count for the current query.
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
SSH keys enable critical system access but often lack proper management. This security blind spot creates significant risk through untracked, unrotated credentials that persist across your infrastructure.
You don't have to stop using SSH keys to stay safe. This Tech Tip explains how to protect your system against CVE-2023-48795.
The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach involving Hex IP addresses.
Over the past few weeks, a Mirai variant appears to have made a pivot from infecting new servers to maintaining remote access.
The Japanese-language Panchan botnet has been discovered stealing SSH keys from Linux servers across Asia, Europe, and North America, with a focus on telecom and education providers.