SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Mozilla introduces cq, describing it as 'Stack Overflow for agents'

Mozilla is building cq - described by staff engineer Peter Wilson as "Stack Overflow for agents" - as an open source project ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
Cyber Daily

Code security platform Trivy compromised by malicious packages

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.
How-To Geek on MSN

Android's sideloading changes, the big Visual Studio Code update, better Linux phones, and ...

Everything you may have missed from the past week.

Omni Consumer Products Founder Builds 3D, Fully Interactive, Blade Runner Voight-Kampff ...

As AI automates procedural tasks across industries, creativity, communication, and tenacity emerge as the critical hiring criteria for every organization LOS ANGELES, March 20, 2026 /PRNewswire/ -- ...

Anthropic just shipped an OpenClaw killer called Claude Code Channels, letting you message ...

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the ...

OpenAI tries to build its coding cred, acquires Python toolmaker Astral

In a move clearly designed to strengthen its position among developers, OpenAI has acquired Python tool maker Astral. The house of Altman expects the deal to strengthen the ecosystem for its Codex ...

OpenAI acquires open-source Python tooling startup Astral

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python ...

OpenAI is acquiring open source Python tool-maker Astral

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...

DarkSword iOS exploit chain adopted by multiple threat actors: Report

Lookout Threat Labs, and iVerify published coordinated research in March 2026 on DarkSword, a JavaScript-based full-chain ...