March 2026 – Page 20

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets.
The latest incident impacted GitHub Actions “aquasecurity/trivy-action” and “aquasecurity/setup-trivy,” which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow

Police take down 373,000 fake CSAM sites in Operation Alice

An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. […]

In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

Other noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlemen ransomware group.

The post In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting appeared first on SecurityWeek.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities.
The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution.
“The POST /api/v1

CISA orders feds to patch max-severity Cisco flaw by Sunday

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. […]

3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China

The men violated U.S. export controls laws by scheming to divert massive quantities of the high-performance servers assembled in the United States to China.

The post 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China appeared first on SecurityWeek.

How CISOs Can Survive the Era of Geopolitical Cyberattacks

Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. […]

Eclypsium Raises $25 Million for Device Supply Chain Security

The company will use the investment to expand its platform’s capabilities and grow channel partnerships.

The post Eclypsium Raises $25 Million for Device Supply Chain Security appeared first on SecurityWeek.

US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites

The US has seized several domains used by Handala in cyber-enabled psychological operations.

The post US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites appeared first on SecurityWeek.

Cape Raises $100 Million for Protection Against Cellular Security Threats

Cape offers a privacy-focused mobile virtual network operator (MVNO) service for consumers, enterprises, and governments.

The post Cape Raises $100 Million for Protection Against Cellular Security Threats appeared first on SecurityWeek.

Month: March 2026