Security Boulevard

That “job brief” on Google Forms could infect your device

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.
Courthouse News Service

11th Circuit confirms lethal injection execution for Georgia inmate wanting firing squad

In his complaint, Michael Wade Nance said his veins were so severely compromised that they were likely to blow and cause him ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Indirect Injection and Multi-Modal Attacks: Poisoning the Pipeline

Indirect prompt injection represents a more insidious threat: malicious instructions embedded in content the LLM retrieves ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...