The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
InfoQ

Java 26 Delivers Language Innovation, Library Improvements, Performance and Security

Oracle has released version 26 of the Java programming language and virtual machine. As the first non-LTS release since JDK ...
GitHub

googleads/google-ads-api-developer-assistant

TL;DR: This extension for the Gemini CLI lets you interact with the Google Ads API using natural language. Ask questions, generate GAQL and code in several languages, and execute API calls that read ...

CardSight AI Launches Basketball Card Identification, Expanding Platform to Three Major Sports

CardSight AI adds close to 1 million Basketball cards spanning 1957-2026. Platform now covers three major sports with ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential ...
GitHub

GitHub MCP Server

The GitHub MCP Server connects AI tools directly to GitHub's platform. This gives AI agents, assistants, and chatbots the ability to read repositories and code files, manage issues and PRs, analyze ...