"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Security Boulevard

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

AI時代に再評価される既存言語、「型」が強みになる理由

AIの進展によって、プログラミング言語の役割が変わりつつある。コード生成の自動化が進む一方で、TypeScriptやRustといった「型付き言語」がむしろ存在感を強めている。AIはコードを不要にするのか、それとも言語の価値を変えるのか――開発者の間で ...