Admins: Sorry to say, but it's likely a rotate-your-secrets kind of weekend.

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

Hackers have compromised nearly all versions of Aqua Security's Trivy vulnerability scanner in an active supply chain attack. Using stolen credentials, attackers force-pushed malicious dependencies into 75 trivy-action tags and 7 setup-trivy tags. The malware scours CI/CD pipelines for GitHub tokens, cloud credentials, SSH keys, and Kubernetes tokens, then encrypts and exfiltrates them to an attacker-controlled server. Only version @0.35.0 appears unaffected. Maintainer Itay Shakury advises anyone who ran a compromised version to immediately rotate all pipeline secrets.

Widely used Trivy scanner compromised in ongoing supply-chain attack

How The Callisto Protocol's Team Designed Its Terrifying, Immersive Audio