GovInfoSecurity

CISA Flags Critical Flaw in Grassroots DICOM Imaging Library

The Cybersecurity Infrastructure and Security Agency is warning of a high severity in Grassroots DICOM, an open-source ...
Opinion
Cloud Security AllianceOpinion

The Agentic Trust Deficit: Why MCP's Authentication Vacuum Demands a New Security Paradigm

Enterprises have tethered their most consequential operations to AI agents & neglected to secure the ingress. This article explains the gravity of this threat.
SecurityWeek

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix has patched CVE-2026-3055, a critical NetScaler vulnerability that allows remote, unauthenticated attackers to read ...

Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security’s Trivy vulnerability scanner was compromised in a supply chain attack, leading to information-stealing ...

Spektion Launches Continuous Runtime Exposure Management Platform to Redefine Vulnerability Management Around Observed Exploitability

Spektion, the pioneer in Runtime Exposure Management, announced today at the RSAC™ 2026 Conference the general availability of its expanded platform for Continuous Runtime Exposure Management, ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Forbes

Microsoft Confirms SQL Zero-Day Security Vulnerability—Here’s The Fix

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. The Microsoft Security Response Center has confirmed that a SQL Server elevation of ...
GitHub

A multi‑agent security copilot that inventories MCP servers/tools, correlates them with vulnerability intelligence, and tests for prompt‑injection/tool‑misuse paths ...

Over-privileged tools (fs/db/repo write) Remote tool abuse Prompt injection via tool schemas Supply chain risks in MCP servers Dangerous toolchain compositions (e.g. repo write + fs write + remote) ...