SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
InfoWorld

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Project Syndicate

Politics & World Affairs

Nouriel Roubini thinks President Donald Trump is on the hook politically to try to “finish the job” of regime change.