Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...

Chrome encryption bypass discovered: New malware steals passwords and cookies

The infostealer uses a first‑seen‑in‑the‑wild debugging method to extract Chrome’s decryption key without privilege ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...