The Hacker News

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Researchers found a way to steal data from Claude.ai using Google Ads

A legitimate Google ad could lead to data exfiltration through a chain of Claude flaws.
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...