SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
techxplore

Thousands of websites are accidentally broadcasting sensitive data, study finds

Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data ...