Morning Overview on MSN

TeamPCP compromised the CI/CD pipelines behind Trivy, Checkmarx, and LiteLLM — stealing AWS keys from build servers worldwide

Sometime on March 19, 2026, a poisoned version of the open-source security scanner Trivy slipped into automated build ...

Official CheckMarx Jenkins package compromised with infostealer

Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been ...

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions ...
Yahoo Finance

Aqua Security Launches Trivy Partner Connect to Expand Open Source Security Scanning Ecosystem

BOSTON and TEL AVIV, Israel, July 07, 2025 (GLOBE NEWSWIRE) -- Aqua Security, the pioneer in cloud native security and the primary maintainer of Aqua Trivy, today announced the launch of the Trivy ...
Dark Reading

Trivy Supply Chain Attack Targets CI/CD Secrets

A threat actor is systematically targeting cloud credentials, SSH keys, authentication tokens, and other sensitive secrets stored in automated enterprise software build and deployment pipelines after ...
dbta

Aqua Security Unveils Trivy Partner Connect to Boost Open Source Security Scanning

Aqua Security, a pioneer in cloud native security and the primary maintainer of Aqua Trivy, is launching the Trivy Partner Connect Program, expanding the commercial ecosystem around Trivy, an open ...
InfoWorld

Integrate security into CI/CD with the Trivy scanner

Open source Trivy plugs into the software build process and scans container images and infrastructure-as-code files for vulnerabilities and misconfigurations. Attacks on cloud-native infrastructures ...