A popular open-source vulnerability scanner (Trivy) was compromised last week in a supply chain attack
Update: Ongoing Investigation and Continued Remediation
Open Source Security Advisory Update: Wednesday, March 25, 2026 Boston, MA 12:30 AM ET Our response has progressed into the remediation and documentation phase. With the core investigation and immediate containment actions largely complete, our focus is now on consolidating findings and communicating them clearly to customers and stakeholders. Working closely with Sygnia, we are developing formal documentation that includes the confirmed …
Aqua (www.aquasec.com)
TeamPCP deploys CanisterWorm on NPM following Trivy compromise
(www.aikido.dev)
Trivy Security incident 2026-03-19 · aquasecurity/trivy · Discussion #10425
Trivy Security incident 2026-03-19
GitHub (github.com)
Trivy Under Attack Again: Widespread GitHub Actions Tag Comp...
Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.
Socket (socket.dev)
Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised - StepSecurity
On March 19, 2026, trivy — a widely used open source vulnerability scanner maintained by Aqua Security — experienced a second security incident. Three weeks after the hackerbot-claw incident on February 28 that resulted in a repository takeover, a new compromised release (v0.69.4) was published to the trivy repository. The original incident disclosure discussion (#10265) was also deleted during this period, and version tags on the aquasecurity/setup-trivy GitHub Action were removed. Trivy maintainers deleted the v0.69.4 tag and Homebrew downgraded to v0.69.3. The following is a factual account of what we observed through public GitHub data.
(www.stepsecurity.io)
Trivy Compromised by "TeamPCP" | Wiz Blog
Breaking down the March 2026 Trivy supply chain attack. TeamPCP compromised trivy + trivy-action & setup-trivy GitHub Actions, deploying credential stealers.
wiz.io (www.wiz.io)
From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise
CrowdStrike discusses how this activity was discovered, how the attack works, what the payload does, and how to defend.
CrowdStrike.com (www.crowdstrike.com)
@campuscodi The vulnerability scanner was vulnerable.
Doctor, heal thyself.