Trivy GitHub Breach Exposes CI/CD Supply Chain Risk

Hackers Compromise Trivy Scanner to Inject malicious Scripts and Steal Login Credentials | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security Consulting

Malicious Script Injection in Trivy Compromise A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally. Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month. Threat actors successfully force-pushed 75 out of […] Thank you for …

Trivy GitHub breach exposes CI/CD supply chain risk

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

Trivy GitHub Actions Supply Chain Compromise: How TeamPCP Turned a Security Scanner Into a Credential Stealer

TeamPCP turned Trivy into a credential stealer by force-pushing 75 version tags to malicious commits — causing thousands of CI/CD pipelines to silently execute attacker code. The post Trivy GitHub Actions Supply Chain Compromise: How TeamPCP Turned a Security Scanner Into a Credential Stealer appeared first on Phoenix Security.

Trivy Supply Chain Attack Exposes CI/CD Secrets in Second Breach Within Weeks

A widely used open source security tool at the center of modern software pipelines has been compromised again, raising new concerns about how attackers are targeting the software supply chain to access sensitive developer infrastructure.Trivy, the vulnerability scanner maintained by Aqua Security, was recently exploited to distribute malware through its official GitHub Actions integrations. The incident marks the second breach involving the proj…

From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise

While investigating a spike in script execution detections across several CrowdStrike Falcon® platform customers, CrowdStrike’s Engineering team traced the activity to a compromised GitHub Action named aquasecurity/trivy-action. This popular open-source vulnerability scanner is frequently used in CI/CD pipelines.  Our investigation found that 76 of the scanner’s 77 release tags had been retroactively poisoned via git tag repointing, replacing th…

What happened to Trivy’s supply chain?

Trivy vulnerability scanner supply chain compromise Trivy, a widely used vulnerability scanner associated with Aqua Security, was compromised as part of an ongoing supply chain attack. The scope described in the coverage indicates that hackers managed to affect essentially all versions of Trivy by…