SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Windows Report

Critical Notepad Security Bug Could Execute Remote Scripts, Now Fixed

Microsoft has released a security update addressing a remote code execution vulnerability in the modern Notepad app distributed via the Microsoft Store. The flaw, tracked as CVE-2026-20841, carries a ...
VentureBeat

Kilo CLI 1.0 brings open source vibe coding to your terminal with support for 500+ models

Remote-first AI coding startup Kilo doesn't think software developers should have to pledge their undying allegiance to any one development environment — and certainly not any one model or harness.
GitHub

[plugin] ms-python.python extension does not spawn new terminal widget when rerunning command

When executing a Python script via the ms-python.python extension via the Run/Debug toolbar button, a new terminal widget is correctly created to show the output. However, if this specific terminal ...
Bleeping Computer

Malicious Blender model files deliver StealC infostealing malware

A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. Blender is a powerful open-source 3D ...