Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
GitHub

The Red Sun vulnerability repository

The Red Sun vulnerability repository. Contribute to Nightmare-Eclipse/RedSun development by creating an account on GitHub.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Security Boulevard

The Future Of GitHub Actions Security And What You Can Do Right Now

GitHub is hardening Actions with deterministic dependencies, scoped secrets, and policy controls. Teams still need immediate ...

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security researcher has published a working exploit for a Microsoft Defender security flaw that affects Windows 10, 11, and ...

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Exclusive: Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive ...

Report: Cisco could acquire AI agent security startup Astrix Security for $250M+

Cisco Systems Inc. is reportedly in talks to buy Astrix Security Ltd., a startup that helps companies secure their artificial ...
The Guardian

Claude’s code: Anthropic leaks source code for AI software engineering tool

Nearly 2,000 internal files were briefly leaked after ‘human error’, raising fresh security questions at the AI company Anthropic accidentally released part of the internal source code for its ...
TechJuice

GlassWorm Escapes JavaScript Sandbox to Silently Spread Across Developer Tools

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.
JD Supra

When Proprietary Code Escapes: How Companies Should Prevent IP Leakage—and What to Do the Moment It Happens

For many companies, the most valuable assets on the balance sheet are not the ones it fully captures. They are buried in source code, ...
VentureBeat

Claude Code's source code appears to have leaked: here's what we know

VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...