Morning Overview on MSN

TeamPCP compromised the CI/CD pipelines behind Trivy, Checkmarx, and LiteLLM — stealing AWS keys from build servers worldwide

Sometime on March 19, 2026, a poisoned version of the open-source security scanner Trivy slipped into automated build ...

Official CheckMarx Jenkins package compromised with infostealer

Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been ...
Morning Overview on MSN

The PyTorch attack targeted SSH keys, AWS credentials, Kubernetes configs, Docker tokens, and crypto wallets in one sweep

Sometime in early 2026, a routine vulnerability scan turned into something far worse for machine learning teams that depend ...

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions ...
SecurityWeek

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Build Application Firewalls (BAFs) are emerging as a new defense against software supply chain attacks by inspecting ...
Yahoo Finance

ActiveState Joins Trivy Partner Connect to Cut CVE Noise and Reduce Alert Fatigue for Developers

Integration brings ActiveState's VEX advisories and secure libraries directly into Trivy scans, providing high-fidelity results and faster remediation paths ActiveState joins a growing community of ...
dbta

Aqua Security Unveils Trivy Partner Connect to Boost Open Source Security Scanning

Aqua Security, a pioneer in cloud native security and the primary maintainer of Aqua Trivy, is launching the Trivy Partner Connect Program, expanding the commercial ecosystem around Trivy, an open ...