The Trivy supply-chain attack has expanded, affecting Docker Hub and Kubernetes environments. Hackers are distributing malicious artifacts via Docker Hub, leading to the deployment of infostealers and a worm capable of triggering Kubernetes wiper scripts. This attack highlights significant risks in CI/CD workflows and necessitates immediate review and tightening of supply chain security measures.
Mazda has disclosed a security breach exposing employee and partner data, while Crunchyroll is investigating a claim of a breach affecting 6.8 million users. These incidents underscore the ongoing threat of data breaches across industries, emphasizing the need for robust data protection strategies and incident response plans to mitigate potential damage and protect sensitive information.
CISA has issued an emergency directive requiring U.S. government agencies to patch three iOS vulnerabilities actively exploited in cryptocurrency theft attacks. The vulnerabilities, identified as CVEs related to the DarkSword exploit, pose significant risks to unpatched devices. Security teams must prioritize these patches to prevent potential exploitation and safeguard sensitive data.
STAY UPDATED
Daily security digest, straight to your inbox.