Over 100 Chrome Web Store extensions found stealing user data from thousands of accounts

All extensions seem to have been made by a single actor, possibly of Russian origin.
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.