SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
CSO Online

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
Cyber Daily

Code security platform Trivy compromised by malicious packages

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.
How-To Geek on MSN

Android's sideloading changes, the big Visual Studio Code update, better Linux phones, and more: News roundup

Everything you may have missed from the past week.

Omni Consumer Products Founder Builds 3D, Fully Interactive, Blade Runner Voight-Kampff Machine in 90 Minutes Using AI, Highlights Three Human Skills That Will Define the ...

As AI automates procedural tasks across industries, creativity, communication, and tenacity emerge as the critical hiring criteria for every organization LOS ANGELES, March 20, 2026 /PRNewswire/ -- ...

Anthropic just shipped an OpenClaw killer called Claude Code Channels, letting you message it over Telegram and Discord

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the ...

OpenAI acquires open-source Python tooling startup Astral

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python ...

OpenAI is acquiring open source Python tool-maker Astral

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...

This Argentine Billionaire’s Startup Vercel Is One Of Claude Code’s Go-To Web Hosting Tools

One of the most popular ways to view the Epstein Files, an interface called Jmail that mimics a Gmail inbox, is hosted on ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...