Trivy Vulnerability Scanner Compromised in Supply Chain Attack — BleepingComputer

The Trivy vulnerability scanner was compromised in a supply chain attack, with threat actors deploying an infostealer via GitHub Actions. The attack involved the Trivy scanner being used to spread CanisterWorm across 47 npm packages. This incident highlights the risks associated with software supply chains and the need for rigorous security measures around CI/CD pipelines and third-party tool integrations.

Oracle Releases Patch for Critical RCE Flaw in Identity Manager — The Hacker News

Oracle has issued a patch for a critical remote code execution vulnerability (CVE-2026-21992) in its Identity Manager, which could be exploited by unauthenticated attackers. Meanwhile, CISA has flagged this and other vulnerabilities in Apple, Craft CMS, and Laravel, mandating patching by April 3, 2026. Security teams should prioritize applying these updates to mitigate potential exploitation risks.

• Microsoft Azure Monitor alerts abused for callback phishing attacks [BleepingComputer]
• Charlottesville Settlement Company data breach impacts over 22,000 customers - WVIR [Google News Security]
• WorldLeaks ransomware group breached the City of Los Angels - Security Affairs [Google News Security]
• Google 揭露 iOS 漏洞 DarkSword，威胁加密货币用户 - Binance [Google News Security (CN)]
• Foster City: Suspected Cybersecurity Breach Forces City To Shut Down Computer Systems - SFGATE [Google News Security]