The most interesting supply chain attack I've ever seen: #trivy
The attack is really bizarre. I learned a lot about GitHub Actions and how the attack was performed.
- https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
- https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation
- https://ramimac.me/trivy-teampcp/#timeline
- https://snyk.io/articles/trivy-github-actions-supply-chain-compromise/
#cybersecurity #supplychain #github #glassworm #githubactions #attack #TeamPCP #c2