critical | Vulnerabilities & Exploits
Critical Supply Chain Attacks Hit Trivy Scanner While CISA Adds 5 CVEs to KEV Catalog
Threat actors compromised the Trivy vulnerability scanner multiple times, deploying self-propagating CanisterWorm malware across 47 npm packages and stealing CI/CD secrets from GitHub Actions. Meanwhile, CISA added 5 actively exploited vulnerabilities affecting Apple, Craft CMS, and Laravel to its KEV catalog, with an April 3rd patching deadline.
The Hacker News, Microsoft Security, MSRC Security Updates
supply-chain-attacks, trivy, npm-packages
🇺🇸 Apple