Security Boulevard

An Evolving GlassWorm Malware is Making the Rounds of Code Repositories

GlassWorm is evolving. Security researchers say the malware, which infiltrates code repositories with malicious extensions, can now deploy a RAT, is targeting MCP servers, and has a new way of moving ...

Built to scale: Industrial contracting in Greater Baton Rouge

Eight Baton Rouge-based industrial contractors rank in the nation's top 20, including four of the top five. Here's how a city ...

Canadian defence-procurement agency expected to reduce $100-million contract minimum

Changes likely to take effect when the Defence Investment Agency becomes its own stand-alone entity, Stephen Fuhr says ...
Payload Asia

EcoCeres and Chinese aviation partners launch SAF pilot program in China

EcoCeres Inc., a leading pure-play renewable fuels producer, has launched a sustainable aviation fuel (SAF) pilot program in ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
Payload Asia

DHL Express and SHEIN sign GoGreen Plus agreement to advance more sustainable logistics in cross-border E-commerce

Amy Yang, Global Head of Channel Logistics, SHEIN; Ethan Shen, Global Head of Supply Chain Logisitcs & Fulfilment, SHEIN; ...
WinBuzzer

DarkSword iOS Exploit Leaks on GitHub, Threatens Millions

A government-grade iOS exploit kit called DarkSword has been leaked on GitHub, putting hundreds of millions of iPhones ...
Cyber Daily

Government proposes 5 changes to SOCI Act in overhaul of ministerial directions powers

A newly released consultation paper suggests “targeted reforms” such as disclosure delays and restrictions on “high-risk ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.