The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
‘If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says. Attackers have compromised the widely used open-source ...
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers ...
Socket and Wiz confirm widespread credential theft and worm‑like propagation, with cached malicious Trivy artifacts still circulating across mirror infrastructure despite takedowns. What started as a ...
A new set of compromised Docker images linked to the Trivy supply chain attack has been identified, expanding the impact of the incident across developer environments and CI/CD pipelines. On March 19, ...
Aqua Security is scrambling to recover from supply chain attacks that first compromised the vendor's Trivy vulnerability scanner, and which have now seen threat actor TeamPCP breach its internal ...
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to ...