MilnerRoute 16 hours ago
Briefly? "Trivy Supply Chain Attack Spreads, Triggers Self-Spreading CanisterWorm Across 47 npm Packages" https://it.slashdot.org/story/26/03/22/0039257/trivy-supply-...
zach_vantio 14 hours ago
"Briefly" is doing a lot of work there. Pre-deploy scans are useless once a bad mutation is actually live. If you don't have a way to auto-revert the infrastructure state instantly, you're just watching the fire spread.
brightball 14 hours ago
Seriously. All credentials compromised that it can see. It's active in CI/CD pipelines and follow-on attacks are happening.