Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

While investigating a spike in script execution detections across several CrowdStrike Falcon platform customers, CrowdStrike’s Engineering team traced the activity to a compromised GitHub Action named aquasecurity/trivy-action. This popular open-source vulnerability scanner is frequently used in CI/CD pipelines.

Modern software development relies on open-source components to accelerate innovation. This efficiency, however, introduces significant risk. Your application’s security is now tied to a vast and complex supply chain of code you did not write. The persistent software supply chain challenge is that this external code is a primary source of critical vulnerabilities and a hard.

Sure, they would vastly prefer targeting organizations in the opponent’s supply chain (which is why new requirements like CMMC are absolutely crucial), but every organization that is affiliated with or operates in the adversary’s territory becomes a target no matter how large or small.

AppsFlyer’s JavaScript SDK has been compromised in an active supply chain attack. Websites loading the script are serving malicious code to their users without any changes to their own codebase.

Development teams are shipping faster than ever. Generative AI coding assistants, early agentic workflows, and increasingly modular architectures have compressed the distance between concept and deployment. AI-enabled innovation has become an executive mandate, and teams are expected to deliver at speed without sacrificing security or compliance.

Organizations are facing a complicated and unwieldy cybersecurity perimeter due to the sprawling web of third-party dependencies that now account for 30% of all data breaches. This network of interconnected applications and infrastructure gives threat actors an opportunity through an extended attack surface to exploit organizations. Attackers are also moving faster by leveraging AI to weaponize zero-day vulnerabilities in days rather than weeks, and most organizations remain dangerously behind the curve.

Ransomware incidents are often perceived as sudden, destructive events triggered by malicious payloads. In reality, many modern ransomware attacks begin much earlier and in a far less visible way: with compromised credentials and pre-existing access sold in underground markets. Threat intelligence collected from access broker activity and credential exposure sources indicates that ransomware operators increasingly rely on purchased access rather than direct exploitation.

Listen to a NotebookLM podcast version of the blog: When Anthropic announced Claude Code’s new security scanning capabilities, following the announcement of OpenAI’s Aardvark, it marked an important moment for the industry. For the first time, expert-level security review is becoming embedded directly into the act of writing code. Subtle, context-dependent vulnerabilities can now be flagged as they are created. Zero-days can potentially be remediated before they ever make it into a build.