Security Boulevard

Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions ...
CSOonline

Supply chain compromise of Ultralytics AI library results in trojanized versions

Attackers exploited a script injection vulnerability via GitHub Actions to inject malicious code during the automated build process, poisoning the resulting packages of the popular Python library.