Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. A popular open-source vulnerability scanner (Trivy) was compromised last week in a supply chain attack

A popular open-source vulnerability scanner (Trivy) was compromised last week in a supply chain attack

Scheduled Pinned Locked Moved Uncategorized
2 Posts 2 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • campuscodi@mastodon.socialC This user is from outside of this forum
    campuscodi@mastodon.socialC This user is from outside of this forum
    campuscodi@mastodon.social
    wrote last edited by
    #1

    A popular open-source vulnerability scanner (Trivy) was compromised last week in a supply chain attack

    https://www.aquasec.com/blog/autonomous-runtime-security-turning-runtime-intelligence-into-agentic-response-2/

    https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise

    https://github.com/aquasecurity/trivy/discussions/10425

    https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise

    https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release

    https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack

    https://www.crowdstrike.com/en-us/blog/from-scanner-to-stealer-inside-the-trivy-action-supply-chain-compromise/

    bontchev@infosec.exchangeB 1 Reply Last reply
    0
    • campuscodi@mastodon.socialC campuscodi@mastodon.social

      A popular open-source vulnerability scanner (Trivy) was compromised last week in a supply chain attack

      https://www.aquasec.com/blog/autonomous-runtime-security-turning-runtime-intelligence-into-agentic-response-2/

      https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise

      https://github.com/aquasecurity/trivy/discussions/10425

      https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise

      https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release

      https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack

      https://www.crowdstrike.com/en-us/blog/from-scanner-to-stealer-inside-the-trivy-action-supply-chain-compromise/

      bontchev@infosec.exchangeB This user is from outside of this forum
      bontchev@infosec.exchangeB This user is from outside of this forum
      bontchev@infosec.exchange
      wrote last edited by
      #2

      @campuscodi The vulnerability scanner was vulnerable. 🤣 Doctor, heal thyself.

      1 Reply Last reply
      1
      0
      • R relay@relay.infosec.exchange shared this topic
      Reply
      • Reply as topic
      Log in to reply
      • Oldest to Newest
      • Newest to Oldest
      • Most Votes

      • Login
      • Login or register to search.
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • World
      • Users
      • Groups