Éric Freyssinet

@ericfreyss

Senior #cybercrime & #cybersecurity adviser #ComCyberMI #Gendarmerie | Alumni #Polytechnique (X92), #TelecomParis, PhD #LIP6 | Associate member #Labo_Loria | Personal account
Toots 🇬🇧/🇫🇷
Chairman of the #Botconf organising team
@botconf

(Old account on mastodon.etalab.gouv.fr)
Admin of https://riin.fr/ - #DFIR #fedi22 #malware #forensics

Blog: https://eric.freyssi.net
Twitter (ex...): https://twitter.com/ericfreyss
LinkedIn: https://www.linkedin.com/in/ericfreyssinet/
Pixelfed | Matrix: https://metapixl.com/@ericfreyss | @ericfreyss:matrix.org

#Trivy, a popular open-source vulnerability scanner, was compromised - attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer.

It ran in CI pipelines, stealing creds and tokens, exfiltrating data:
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

The Hacker News

RE: https://mstdn.social/@swheritage/116272142405742756

"France and Germany are moving beyond the “altruism” of the early open-source movement, reframing it as a matter of national autonomy. Stéphanie Schaer, The Interministerial Directorate for Digital Affairs in France (DINUM), highlighted Tchap—a secure messaging app used by 400,000 civil servants—as proof that the state can break its dependency on “monopolistic IT solutions” by investing in the digital commons."

#OpenSource #SWH10

Germany: ODF format mandatory in public administration https://www.zdnet.fr/blogs/l-esprit-libre/allemagne-le-format-odf-obligatoire-dans-ladministration-492348.htm A success for open formats and the Document Foundation (LibreOffice)

Germany: ODF format mandatory in public administration - ZDNET

The Document Foundation, which manages LibreOffice, welcomes the decision of the German Ministry of Digital Affairs, which mandates the ODF format in the federal administration, thereby rejecting Microsoft's contested OOXML.

ZDNET

New, from our ERT: #CECbot, an Android TV botnet and the first malware we're aware of that exploits HDMI-CEC.

It puts the TV to sleep so you don't notice the box behind it is running DDoS and residential proxy traffic. Curve25519/ChaCha20 crypto, 9 persistence layers, and... LAN mapping.

Successor to a Mirai fork, shares not much but the C2 server.

https://github.com/deepfield/public-research/blob/main/cecbot/report.md

#threatintel #DDoS

public-research/cecbot/report.md at main · deepfield/public-research

DDoS botnet research and indicators of compromise from Nokia Deepfield ERT - deepfield/public-research

GitHub

Isabelle Mergault, actress and regular panelist on "Les Grosses Têtes", has died aged 67

Laurent Ruquier announced her death to AFP this Friday afternoon. She had been suffering from cancer for several months.

TV Magazine

NEW: The FBI has taken down and seized two websites that were run by the pro-Iranian hacktivist group Handala.

“Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor,” read the seizure notice.

The law enforcement action comes a week after Handala claimed responsibility for the devastating hack of U.S. medical tech giant Stryker.

https://techcrunch.com/2026/03/19/fbi-seizes-pro-iranian-hacking-groups-websites-after-destructive-stryker-hack/

FBI seizes pro-Iranian hacking group's websites after destructive Stryker hack | TechCrunch

The FBI and the Justice Department took down two websites linked to the pro-Iranian hacktivist group Handala, which last week hacked medical tech giant Stryker.

TechCrunch

UK’s Companies House confirms security flaw exposed business data

Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025.

BleepingComputer

#Botconf2026 - We have just finished the selection of our last-minute talks thanks to our #SprintCFP! Great additions to our agenda with some fresh cases and research.
To register and join us in Reims next month, please follow this link: https://www.botconf.eu/, we still have seats available!

Meta is reportedly laying off up to 20 percent of its staff

Meta is reportedly planning to lay off up to 20 percent of its staff to offset big spending on AI and data centers.

The Verge