Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
CoinDesk

OpenClaw developers targeted in GitHub phishing scam offering fake token airdrops

Attackers impersonate OpenClaw on GitHub, luring developers with bogus CLAW giveaways that trick users into connecting crypto ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...
GitHub

Barrel file removal tool for JavaScript & TypeScript projects (ESM-only).

Barrel files are convenient, but they often come with trade-offs including: Performance and memory: they artificially inflate the module graph and slow down startup times, HMR, and CI pipelines.
GitHub

electric-capital/open-dev-data

Open Dev Data is a taxonomy of open source blockchain, web3, cryptocurrency, and decentralized ecosystems and their code repositories. This dataset is not complete, and hopefully it never will be as ...