Back to Blog

#GitHub

3 posts
Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack
supply chain attack
Incident
Threat Intel

Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack

Trivy GitHub Action compromise exposed CI/CD secrets in a stealth supply-chain attack A supply-chain compromise in Aqua Security’s aquasecurity/trivy-action sho...

March 22, 2026
4 min read
Lucas Oliveira
GlassWorm Shifts to Transitive Open VSX Dependencies in Developer Supply-Chain Push
Threat Hunting & Intel
Incident
Threat Intel

GlassWorm Shifts to Transitive Open VSX Dependencies in Developer Supply-Chain Push

GlassWorm Shifts to Transitive Open VSX Dependencies in Developer Supply-Chain Push GlassWorm is no longer just a story about obviously malicious extensions. Th...

March 21, 2026
5 min read
Lucas Oliveira
FakeGit: GitHub malware campaign hits 600+ repos
Threat Hunting & Intel
Incident
Threat Intel

FakeGit: GitHub malware campaign hits 600+ repos

FakeGit: GitHub malware campaign hits 600+ repos | 2026 Executive Summary A Vietnamese-speaking threat actor has been distributing FakeGit, a GitHub-based malwa...

March 10, 2026
8 min read
Lucas Oliveira

Tags

CVE
20
cyberthreads
7
Credential Theft
6
Account Takeover
5
Cisco
4
AI Security
3
CI/CD Security
3
Browser Security
2
Crypto
2
APT28
1