Tracked topic
Trivy is an open source vulnerability scanner for container images, files, and code that detects known security issues in software dependencies.
They Got Trivy. They Got Axios. Now They're Coming for the Linux Foundation.
It's Bigger Than TeamPCP. Open Source Is Under Siege.
Cyclic Redundancy Check (CRC) - Computerphile
CopyFail Compromises The Last 9 Years Of Linux Distros
They're Getting Faster. Open Source Is Under Attack Right Now.
Linux’s Biggest Win Yet - WAN Show April 24, 2026
… Februar hatte ein Angreifer über eine Fehlkonfiguration in Trivys Github-Actions-Umgebung ein sogenanntes Personal Access Token extrahiert, also einen langlebigen Zugriffsschlüssel mit Schreibrechten auf die Trivy-Repositories. …
… This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy.
Trivy, KICS, and the shape of supply chain attacks so far in 2026 | Docker
Coordinates : 46°23′14″N 4°29′34″E / 46.3872°N 4.4928°E / 46.3872; 4.4928 From Wikipedia, the free encyclopedia Commune in Bourgogne-Franche-Comté, France Trivy Commune The church in Trivy Location of Trivy Trivy Show map of France Trivy Show map of Bourgogne-Franche-Comté Coordinates: 46°23′… …
Copy Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms.
https://copy.fail/ 10 lines of python to gain root access on shared machines running Linux kernels from 2017 onward: https://github.com/theori-io/copy-fail-CVE-2026-31431 Edit: for those that want an un-minimized version…
We've been tracking TeamPCP since March. This is the fifth major package in the same campaign. Full chronology: Mar 19 — Trivy compromised. CI/CD secrets harvested downstream. Mar 24 — LiteLLM 1.82.7/1.82.8 to PyPI via c…
I work as a SAP Integration consultant and built this as a side project. Friction point: Most self hosted LLM observability tools require Postgres, Redis and non trivial infrastructure. Teams just want to see what their …
Hi HN, I'm James. Over the last few months I built a Warhammer 40K 10th-edition vertical slice as an experiment in how far GenAI tools can take a solo dev on a non-trivial 2D game.For sprite generation, whilst creative e…
… The software was subverted on March 19, when attackers referred to as TeamPCP used compromised credentials to publish a malicious Trivy release v0.69.4 , and again on March 22, when malicious Trivy versions v0.69.5 and v0.69.6 were published as DockerHub images. …
… Socket and Google-owned Wiz researchers over the weekend determined that the attack compromised multiple components of the Trivy project: the core scanner, the trivy-action GitHub Action, and the setup-trivy GitHub Action, and force-pushed 75 out of 76 trivy-action tags to malicious versions, meani… …
… Following a report that TeamPCP also breached Cisco's internal development environment and stole source code from credentials swiped via the Trivy attack, Cisco told The Register that it is "aware of the Trivy supply-chain issue that is affecting the industry." MORE CONTEXT 1K+ cloud environments i… …
… A company spokesperson confirmed to BleepingComputer that the threat actor obtained credentials to the repositories from the Trivy supply-chain attack in March. …
…More quizzes! Want to keep testing your knowledge of gaming trivia? We've got loads more PC Gamer quizzes , on everything from healthbars to weird currencies to absurd patch notes. I'm…
… Then, just two weeks after Trivy, another supply chain attack hit a different open-source library. …