SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
InfoQ

Evaluating AI Agents in Practice: Benchmarks, Frameworks, and Lessons Learned

This article introduces practical methods for evaluating AI agents operating in real-world environments. It explains how to ...
Frontiers

Writing by hand may increase brain connectivity more than typing on a keyboard

In an ever more digital world, pen and paper are increasingly getting replaced with screens and keyboards in classrooms. Now, a new study has investigated neural networks in the brain during hand- and ...
Horse and Hound

Cheltenham day 2 tips from racing gurus, including an ‘exception that breaks the rule’ in the 1.20pm

Day 2 is now complete – we’ve rounded up Cheltenham Day 4 tips here. After all the excitement of Tuesday’s action at the Cheltenham Festival, attention is turned to Wednesday’s racing and the question ...
GitHub

davila7/claude-code-templates

Ready-to-use configurations for Anthropic's Claude Code. A comprehensive collection of AI agents, custom commands, settings, hooks, external integrations (MCPs), and project templates to enhance your ...