Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
CNET

You Can Download iOS 26.4 RC Developer Beta on Your iPhone Right Now

Apple's iOS 26.4 beta adds AI-generated Apple Music playlists, early testing for encrypted RCS messaging and a new setting to tone down brighter visual effects. With more than a decade of experience, ...
Nature

Development studies articles from across Nature Portfolio

Despite reshaping cities across Africa, Asia and beyond, China’s engagement with urban development remains ambiguous. A dialogic, coproduced framework of cooperation could turn today’s fragmented ...