The invisible shield: How AI is quietly protecting the software that runs your life

Last week, something alarming happened in the world of software — and almost nobody outside the tech industry noticed. A ...
The Hacker News

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
IEEE

Evaluating Retrieval-Augmented Generation for LLM-Based Vulnerability Detection: An Empirical Study on Real-World Java Vulnerabilities

Abstract: Software vulnerabilities are growing as fast as the digital platforms and applications that contain them. Thus, the timely and effective detection of software vulnerabilities is becoming ...
Eagle-Tribune

Point Wild Releases Free LiteLLM Vulnerability Scanner Within 24 Hours of Supply Chain Attack

BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global provider of AI-powered cybersecurity, today announced the immediate release of a free security tool, who-touched-my-packages (wtmp) ...
CBS News

DHS watchdog warned of risks in airport shoes-off policy. The report got buried.

An internal watchdog report in the Department of Homeland Security identified serious vulnerabilities in TSA's screenings at airports nationwide, among them, one created by a change in the shoes-off ...
IEEE

Cybercheck – OSINT & Web Vulnerability Scanner

Abstract: The objectives of “CyberCheck” are drafted very precisely to solve 2 important modules of the Penetration Testing Workflows. Open-Source Intelligence (OSINT) and Web Vulnerability Scanning ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Hackers published a malicious scanner release and replaced tags to point to information-stealer malware. A threat actor compromised Aqua Security’s Trivy open source vulnerability scanner in a supply ...
Bleeping Computer

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
CSOonline

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

‘If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says. Attackers have compromised the widely used open-source ...